CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0CVE-2026-4159 – wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
https://notcve.org/view.php?id=CVE-2026-4159
19 Mar 2026 — 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default. Lectura de montón fuera de límites (OOB) de 1 byte en wc_PKCS7_DecodeEnvelopedData a través de contenido cifrado de longitud cero. Existía una vulnerabilidad... • https://github.com/wolfSSL/wolfssl/pull/9945 • CWE-125: Out-of-bounds Read •
CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0CVE-2026-3229 – Integer Overflow in Certificate Chain Allocation
https://notcve.org/view.php?id=CVE-2026-3229
19 Mar 2026 — An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these API: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. These API are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-haproxy. This iss... • https://github.com/wolfSSL/wolfssl/pull/9827 • CWE-122: Heap-based Buffer Overflow •
CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0CVE-2026-3230 – Improper key_share validation in TLS 1.3 HelloRetryRequest
https://notcve.org/view.php?id=CVE-2026-3230
19 Mar 2026 — Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes. Falta un paso criptográfico requerido en ... • https://github.com/wolfSSL/wolfssl/pull/9754 • CWE-20: Improper Input Validation •
CVSS: 1.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-4395 – Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
https://notcve.org/view.php?id=CVE-2026-4395
19 Mar 2026 — Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ... • https://github.com/wolfSSL/wolfssl/pull/9988 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-3547 – wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation
https://notcve.org/view.php?id=CVE-2026-3547
19 Mar 2026 — Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, e... • https://github.com/wolfSSL/wolfssl/pull/9859 • CWE-125: Out-of-bounds Read •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-3549 – ECH parsing heap buffer overflow
https://notcve.org/view.php?id=CVE-2026-3549
19 Mar 2026 — Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving. Desbordamiento de montículo en el análisis de ECH de TLS 1.3. Existía un desbordamiento negativo de enteros en la lógica de análisis de la extensión ECH al calcular la longitud de un búfer, lo que resultó en la escritura más al... • https://github.com/wolfSSL/wolfssl/pull/9817 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2026-3548 – Buffer overflow in CRL number parsing in wolfSSL
https://notcve.org/view.php?id=CVE-2026-3548
19 Mar 2026 — Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source. Dos vulnerabilidades de des... • https://github.com/wolfSSL/wolfssl/pull/9628 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2026-2646 – Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
https://notcve.org/view.php?id=CVE-2026-2646
19 Mar 2026 — A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable. Una vulnerabilidad de desbordamiento de... • https://github.com/wolfSSL/wolfssl/pull/9748 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-2645 – Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
https://notcve.org/view.php?id=CVE-2026-2645
19 Mar 2026 — In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake. En wolfSSL 5.8.2 y versiones anteriores, ex... • https://github.com/wolfSSL/wolfssl/pull/9694 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2026-1005 – Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
https://notcve.org/view.php?id=CVE-2026-1005
19 Mar 2026 — Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records. Un desbordamiento negativ... • https://github.com/wolfSSL/wolfssl/pull/9571 • CWE-191: Integer Underflow (Wrap or Wraparound) •