SB2026041461 - Multiple vulnerabilities in wolfSSL

Published: April 14, 2026

Security Bulletin ID SB2026041461
Severity
High
Patch available
YES
Number of vulnerabilities 21
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 24%, Medium 67%, Low 10%, Critical 0% (of 21 vulnerabilities; percentages are rounded)

Description

This security bulletin contains information about 21 security vulnerabilities.


1) Observable discrepancy (CVE-ID: CVE-2026-5504)

The vulnerability allows a remote attacker to recover plaintext.

The vulnerability exists due to a padding oracle in PKCS7 CBC decryption: in affected versions only the padding length byte is checked, the interior padding bytes are not validated, and whether a ciphertext was accepted is observable to the party that submitted it. A remote attacker who can submit modified ciphertexts for decryption and observe the accept/reject outcome can recover the plaintext byte by byte through repeated decryption queries (Vaudenay's padding-oracle attack).
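How a padding oracle turns the accept/reject signal into plaintext, as an added example that is not wolfSSL code and not the CMS code path described above: the block cipher is a constructed toy Feistel permutation so the program runs without a crypto library, the server key, IV and message are constructed, and `pad_check_lax` and `pad_check_strict` are this illustration's own names for a check that looks only at the length byte versus one that validates every padding byte. `recover_block` needs at most 256 oracle queries per byte and recovers the whole message from the ciphertext and the oracle's verdicts alone.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16
/* Toy 4-round Feistel permutation on 16-byte blocks: invertible, not secure. */
static uint64_t toy_f(uint64_t r, uint64_t k) {
    uint64_t x = (r ^ k) * 0x9E3779B97F4A7C15ULL;
    x ^= x >> 29; x *= 0xBF58476D1CE4E5B9ULL;
    return x ^ (x >> 32);
}
static void toy_encrypt_block(const uint64_t key[4], uint8_t blk[BLK]) {
    uint64_t l, r, t;
    memcpy(&l, blk, 8); memcpy(&r, blk + 8, 8);
    for (int i = 0; i < 4; i++) { t = r; r = l ^ toy_f(r, key[i]); l = t; }
    memcpy(blk, &l, 8); memcpy(blk + 8, &r, 8);
}
static void toy_decrypt_block(const uint64_t key[4], uint8_t blk[BLK]) {
    uint64_t l, r, t;
    memcpy(&l, blk, 8); memcpy(&r, blk + 8, 8);
    for (int i = 3; i >= 0; i--) { t = l; l = r ^ toy_f(l, key[i]); r = t; }
    memcpy(blk, &l, 8); memcpy(blk + 8, &r, 8);
}

/* Lax check: only the final byte is inspected; interior padding bytes go unchecked. */
int pad_check_lax(const uint8_t last_block[BLK]) {
    uint8_t p = last_block[BLK - 1];
    return p >= 1 && p <= BLK;
}
/* Strict check: every padding byte must equal the length; whole block scanned, no early exit. */
int pad_check_strict(const uint8_t last_block[BLK]) {
    uint8_t p = last_block[BLK - 1];
    unsigned bad = 0;
    if (p < 1 || p > BLK) return 0;
    for (int i = 0; i < BLK; i++) {
        unsigned mask = 0u - (unsigned)((BLK - 1 - i) < p);  /* all-ones inside the padding */
        bad |= mask & (unsigned)(last_block[i] ^ p);
    }
    return bad == 0;
}

/* Constructed server key: the attacker never sees it, only the oracle's verdict. */
static const uint64_t SERVER_KEY[4] = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL,
                                        0x0f1e2d3c4b5a6978ULL, 0x8796a5b4c3d2e1f0ULL };
/* The oracle: CBC-decrypt one block and reveal only whether the padding passed (the discrepancy). */
static int padding_oracle(const uint8_t prev[BLK], const uint8_t c[BLK]) {
    uint8_t tmp[BLK];
    memcpy(tmp, c, BLK); toy_decrypt_block(SERVER_KEY, tmp);
    for (int i = 0; i < BLK; i++) tmp[i] ^= prev[i];
    return pad_check_strict(tmp);
}

/* Recover D_k(c) byte by byte from oracle verdicts, then XOR with the genuine previous block. */
void recover_block(const uint8_t prev[BLK], const uint8_t c[BLK], uint8_t out[BLK]) {
    uint8_t inter[BLK] = {0}, forged[BLK];
    for (int pos = BLK - 1; pos >= 0; pos--) {
        uint8_t pad = (uint8_t)(BLK - pos);
        for (int g = 0; g < 256; g++) {
            memset(forged, 0, BLK);
            for (int j = pos + 1; j < BLK; j++) forged[j] = (uint8_t)(inter[j] ^ pad);
            forged[pos] = (uint8_t)g;
            if (!padding_oracle(forged, c)) continue;
            /* last byte only: rule out an accidental 02 02 / 03 03 03 match */
            if (pos == BLK - 1) { forged[pos - 1] ^= 0xFF; if (!padding_oracle(forged, c)) continue; }
            inter[pos] = (uint8_t)(g ^ pad);
            break;
        }
    }
    for (int i = 0; i < BLK; i++) out[i] = inter[i] ^ prev[i];
}

/* CBC-encrypt a constructed message, then recover it with nothing but the oracle.
 * Returns the recovered length (message plus padding), or 0 on error. */
size_t demo_padding_oracle(uint8_t *recovered, size_t cap) {
    static const char msg[] = "attack at dawn; pad me";
    static const uint8_t iv[BLK] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    size_t mlen = sizeof msg - 1, plen = BLK - mlen % BLK, total = mlen + plen;
    uint8_t ct[64]; const uint8_t *prev = iv;
    if (total > sizeof ct || cap < total) return 0;
    memcpy(ct, msg, mlen); memset(ct + mlen, (int)plen, plen);
    for (size_t off = 0; off < total; off += BLK) {     /* sender: CBC encrypt in place */
        for (int i = 0; i < BLK; i++) ct[off + i] ^= prev[i];
        toy_encrypt_block(SERVER_KEY, ct + off);
        prev = ct + off;
    }
    prev = iv;                                          /* attacker: has iv||ct and the oracle */
    for (size_t off = 0; off < total; off += BLK) {
        recover_block(prev, ct + off, recovered + off);
        prev = ct + off;
    }
    return total;
}

int main(void) {
    uint8_t out[64];
    size_t n = demo_padding_oracle(out, sizeof out);
    printf("recovered %zu bytes: \"%.*s\" + %u bytes of padding\n", n, (int)(n - out[n - 1]), (const char *)out, (unsigned)out[n - 1]);
    return 0;
}
```

The strict check removes the specific defect (unvalidated interior bytes) but still hands the sender a verdict; the durable fix for CBC content in CMS is to authenticate the ciphertext (for example with AuthEnvelopedData) so a modified message is rejected before padding is ever inspected, and to keep decryption failures indistinguishable to the sender.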


2) Out-of-bounds read (CVE-ID: CVE-2026-5393)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an out-of-bounds read in dual-algorithm CertificateVerify message processing when handling crafted input. A remote attacker can send a specially crafted CertificateVerify message to cause a denial of service.

This can only occur in builds compiled with both --enable-experimental and --enable-dual-alg-certs.


3) Integer underflow (CVE-ID: CVE-2026-5778)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an integer underflow leading to an out-of-bounds read in the ChaCha20-Poly1305 decryption path when processing a malformed TLS 1.2 record whose payload is shorter than the AEAD MAC size (the 16-byte Poly1305 tag): subtracting the tag length from the record length wraps around, and the decryption then reads past the record. A remote attacker can send such a malformed TLS 1.2 record to cause a denial of service.

This only affects sniffer builds (--enable-sniffer).


4) Out-of-bounds read (CVE-ID: CVE-2026-5772)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an out-of-bounds read in MatchDomainName in src/internal.c when processing wildcard patterns with the LEFT_MOST_WILDCARD_ONLY flag active. A remote attacker can supply a crafted wildcard pattern to cause a denial of service.

The issue is a 1-byte stack buffer over-read that occurs when the wildcard consumes the entire hostname string, so the matcher compares one byte beyond its end.
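A bounds-safe hostname matcher for the left-most-wildcard rule, as an added illustration that is not wolfSSL's MatchDomainName: every length is passed explicitly, the wildcard must be the entire first label and consume exactly one non-empty label, and a hostname the wildcard would swallow entirely simply fails to match instead of being read past. The function names and the public-suffix rule (a pattern such as "*.com" is refused) are this example's choices.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of exactly n bytes (DNS names are case-insensitive). */
static int eq_nocase(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Returns 1 if host (hlen bytes, need not be NUL-terminated) matches pattern
 * (plen bytes).  A '*' is accepted only as the entire left-most label and
 * matches exactly one non-empty label: "*.example.com" matches "a.example.com"
 * but not "example.com", "a.b.example.com" or "example.com.evil".  At least two
 * labels must follow the wildcard, so "*.com" is refused (RFC 6125 section 7.2
 * warns against wildcards that cover public suffixes).  Every read is bounded
 * by plen/hlen, so a wildcard that would swallow the whole hostname fails to
 * match rather than reading past the buffer. */
int match_host_pattern(const char *pattern, size_t plen, const char *host, size_t hlen) {
    const char *suffix, *dot;
    size_t slen, rest;
    if (plen == 0 || hlen == 0) return 0;
    if (memchr(host, '*', hlen) != NULL) return 0;            /* never accept '*' in a hostname */
    if (pattern[0] != '*')                                    /* plain name: exact match only */
        return plen == hlen && eq_nocase(pattern, host, hlen);
    if (plen < 3 || pattern[1] != '.') return 0;              /* wildcard must be "*." + suffix */
    if (memchr(pattern + 2, '*', plen - 2) != NULL) return 0; /* one wildcard, left-most only */
    if (memchr(pattern + 2, '.', plen - 2) == NULL) return 0; /* "*.com": refused */
    suffix = pattern + 1; slen = plen - 1;                    /* ".example.com" */
    dot = memchr(host, '.', hlen);
    if (dot == NULL || dot == host) return 0;                 /* no label for '*' to consume */
    rest = hlen - (size_t)(dot - host);                       /* ".rest-of-host", dot included */
    return rest == slen && eq_nocase(dot, suffix, slen);
}

/* Convenience wrapper for NUL-terminated strings. */
int match_host_cstr(const char *pattern, const char *host) {
    return match_host_pattern(pattern, strlen(pattern), host, strlen(host));
}

int main(void) {
    static const char *cases[][2] = {   /* constructed pattern/hostname pairs */
        {"*.example.com", "www.example.com"}, {"*.example.com", "example.com"},
        {"*.example.com", "a.b.example.com"}, {"*.example.com", "www"},
        {"*.com", "example.com"},            {"www.example.com", "WWW.EXAMPLE.COM"} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-18s vs %-18s -> %d\n", cases[i][0], cases[i][1],
               match_host_cstr(cases[i][0], cases[i][1]));
    return 0;
}
```

The hostname the matcher is handed should be the one the application intends to connect to, validated once and never rewritten from certificate content; the pattern comes from the untrusted certificate, which is why it is the side that gets the structural checks.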


5) Buffer overflow (CVE-ID: CVE-2026-5448)

The vulnerability allows a remote user to cause a denial of service or execute arbitrary code.

The vulnerability exists due to a buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore when parsing date fields from a crafted X.509 certificate via the compatibility layer API. A remote user who can get an application to parse a crafted certificate with these functions can cause a denial of service or execute arbitrary code.

This is only triggered when an application calls these APIs directly; TLS handshakes and certificate verification do not use this code path.


6) Integer underflow (CVE-ID: CVE-2026-5188)

The vulnerability allows a remote attacker to cause incorrect handling of certificate data.

The vulnerability exists due to an integer underflow in Subject Alternative Name extension parsing when processing a malformed X.509 certificate. A remote attacker can supply a malformed certificate with an entry length larger than the enclosing sequence to cause incorrect handling of certificate data.

The issue is limited to configurations using the original ASN.1 parsing implementation, which is off by default.


7) Out-of-bounds write (CVE-ID: CVE-2026-5187)

The vulnerability allows a remote attacker to cause a denial of service or execute arbitrary code.

The vulnerability exists due to an out-of-bounds write in DecodeObjectId() when parsing a crafted ASN.1 object identifier. A remote attacker can supply a specially crafted ASN.1 object identifier to cause a denial of service or execute arbitrary code.

The issue is caused by an off-by-one bounds check combined with a sizeof mismatch.


8) Release of invalid pointer or reference (CVE-ID: CVE-2026-5507)

The vulnerability allows a remote user to trigger an arbitrary free.

The vulnerability exists due to improper validation of a pointer carried in serialized session data when a session is restored from the cache through the session restore APIs. A remote user who can poison the session cache with a crafted session can trigger a free of an attacker-chosen pointer.

Exploitation requires the ability to inject a crafted session into the cache and an application that calls the affected session restore APIs.


9) Double free (CVE-ID: CVE-2026-5460)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a double free in the TLS 1.3 PQC hybrid KeyShare error cleanup path when processing a truncated ServerHello KeyShare. A malicious or compromised TLS 1.3 server can send a truncated PQC hybrid KeyShare to crash a connecting client.

The issue is on the client side; only clients built with PQC hybrid key exchange parse such a KeyShare.


10) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-5194)

The vulnerability allows a remote attacker to reduce the security of certificate-based authentication.

The vulnerability exists due to missing digest-length checks in the signature verification functions when verifying certificate signatures. A remote attacker can present certificates whose signatures were computed over digests shorter than the algorithm permits, reducing the security of certificate-based authentication.

The issue affects multiple signature algorithms, including ECDSA/ECC, DSA, ML-DSA, ED25519, and ED448.


11) Reusing a Nonce, Key Pair in Encryption (CVE-ID: CVE-2026-5446)

The vulnerability allows a remote attacker to compromise message confidentiality and integrity.

The vulnerability exists due to nonce reuse in TLS 1.2 record encryption when using ARIA-GCM. A remote attacker who observes records encrypted under a repeated nonce can recover the XOR of their plaintexts and, with the GHASH key that a nonce repeat exposes, forge authenticated records, compromising message confidentiality and integrity.

ARIA cipher support requires the proprietary MagicCrypto library and the --enable-aria build option, so default builds are not affected.


12) Out-of-bounds read (CVE-ID: CVE-2026-5392)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an out-of-bounds read in PKCS7_VerifySignedData() when parsing a crafted PKCS7 message. A remote attacker can provide a specially crafted PKCS7 message to cause a denial of service.

This only affects builds with PKCS7 support enabled.


13) Heap-based buffer overflow (CVE-ID: CVE-2026-5503)

The vulnerability allows a remote attacker to cause a denial of service or execute arbitrary code.

The vulnerability exists due to a heap-based buffer overflow in TLSX_EchChangeSNI and TLSX_SNI_Write when processing ECH SNI state changes. A remote attacker can supply an attacker-controlled publicName to cause a denial of service or execute arbitrary code.

The overflow occurs when no inner SNI is configured.


14) Improper Certificate Validation (CVE-ID: CVE-2026-5501)

The vulnerability allows a remote attacker to bypass certificate signature verification.

The vulnerability exists due to improper certificate validation in wolfSSL_X509_verify_cert() in the OpenSSL compatibility layer when processing a certificate chain containing an untrusted intermediate marked CA:FALSE, which RFC 5280 basic constraints forbid from acting as an issuer. A remote attacker can supply a crafted certificate chain to bypass certificate signature verification.

The issue is limited to applications using the OpenSSL compatibility API directly and does not affect the native wolfSSL TLS handshake path.


15) Improper input validation (CVE-ID: CVE-2026-5500)

The vulnerability allows a remote attacker to bypass authentication checks.

The vulnerability exists due to improper input validation in wc_PKCS7_DecodeAuthEnvelopedData() when processing the AES-GCM authentication tag length. A remote attacker can truncate the mac field to bypass authentication checks.

A man-in-the-middle can reduce the tag length from 16 bytes to 1 byte, after which a forged message passes the tag check with probability 1/256 per attempt; the decoder should reject any tag shorter than the length the content-encryption algorithm parameters specify.


16) Heap-based buffer overflow (CVE-ID: CVE-2026-5447)

The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability exists due to a heap-based buffer overflow in CertFromX509 when converting an X.509 certificate internally. A remote attacker can supply a crafted X.509 certificate with a malformed AuthorityKeyIdentifier extension to execute arbitrary code or cause a denial of service.

The issue is caused by incorrect size handling of the AuthorityKeyIdentifier extension.


17) Insufficient verification of data authenticity (CVE-ID: CVE-2026-5477)

The vulnerability allows a remote attacker to bypass message authentication integrity checks.

The vulnerability exists due to an improper cryptographic implementation in AES-EAX AEAD and CMAC processing when handling messages larger than 4 GiB. A remote attacker can modify the first 4 GiB of ciphertext in an observed valid message and still pass the message authentication integrity check.

Exploitation requires observing one valid ciphertext and tag pair for a message larger than 4 GiB.


18) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2026-5466)

The vulnerability allows a remote attacker to forge signatures.

The vulnerability exists due to improper cryptographic signature verification in wc_VerifyEccsiHash when decoding the r and s scalars from the signature blob: the verifier does not check that the decoded scalars lie in the range [1, q-1]. A remote attacker can supply a crafted signature with out-of-range scalars that the verifier accepts, forging signatures.
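A range check for signature scalars on big-endian byte strings, as an added example that is not the ECCSI code in wolfSSL: `scalar_in_range` and `sig_scalars_ok` are names introduced here, the r||s blob layout is an assumption made for the illustration (an ECCSI signature also carries the signer's PVT), and the constant is the order of the NIST P-256 group, used only as a constructed q.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 iff 1 <= s <= q-1, with s and q given as big-endian unsigned byte
 * strings of possibly different lengths (a longer s is acceptable only if its
 * extra leading bytes are zero).  The loop visits every byte with no early
 * exit, so the scalar's value does not change how much work is done. */
int scalar_in_range(const uint8_t *s, size_t slen, const uint8_t *q, size_t qlen) {
    size_t n = slen > qlen ? slen : qlen;
    unsigned nonzero = 0, lt = 0, gt = 0;
    for (size_t i = 0; i < n; i++) {
        /* i-th byte from the most-significant end after zero-extending the shorter operand */
        unsigned sb = (i + slen >= n) ? s[i + slen - n] : 0u;
        unsigned qb = (i + qlen >= n) ? q[i + qlen - n] : 0u;
        unsigned undecided = (unsigned)((lt | gt) == 0);   /* 1 while all higher bytes were equal */
        nonzero |= sb;
        lt |= undecided & (unsigned)(sb < qb);
        gt |= undecided & (unsigned)(sb > qb);
    }
    return (nonzero != 0) && lt != 0;   /* s != 0 and the first differing byte made s < q */
}

/* Assumed blob layout for this illustration: r || s, each exactly qlen bytes.
 * The signature is rejected unless both scalars lie in [1, q-1]; a verifier
 * that skips this step accepts degenerate values such as r = 0 or s = q. */
int sig_scalars_ok(const uint8_t *blob, size_t bloblen, const uint8_t *q, size_t qlen) {
    int r_ok, s_ok;
    if (qlen == 0 || bloblen != 2 * qlen) return 0;
    r_ok = scalar_in_range(blob, qlen, q, qlen);
    s_ok = scalar_in_range(blob + qlen, qlen, q, qlen);   /* evaluated even if r failed */
    return r_ok & s_ok;
}

/* Constructed test modulus: the order of the NIST P-256 group. */
const uint8_t P256_ORDER[32] = {
    0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
    0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51 };

int main(void) {
    uint8_t sig[64];
    memset(sig, 0, sizeof sig);
    sig[31] = 1; sig[63] = 1;                 /* r = s = 1: smallest valid scalars */
    printf("r = s = 1 -> %d\n", sig_scalars_ok(sig, sizeof sig, P256_ORDER, 32));
    memcpy(sig, P256_ORDER, 32);              /* r = q: out of range */
    printf("r = q     -> %d\n", sig_scalars_ok(sig, sizeof sig, P256_ORDER, 32));
    return 0;
}
```

The check belongs before any arithmetic on the scalars: once r or s has been reduced modulo q or fed into a point multiplication, the information that it was out of range is gone.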


19) Stack-based buffer overflow (CVE-ID: CVE-2026-5295)

The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability exists due to a stack-based buffer overflow in PKCS7 ORI OID processing when parsing a PKCS7 envelope with a crafted ORI OID value. A remote attacker can provide a specially crafted PKCS7 envelope to execute arbitrary code or cause a denial of service.


20) Improper Certificate Validation (CVE-ID: CVE-2026-5263)

The vulnerability allows a remote attacker to bypass certificate name constraints validation.

The vulnerability exists due to improper certificate validation in wolfcrypt/src/asn.c when verifying certificate chains containing URI SAN entries: the name constraints (permitted and excluded subtrees) imposed by an issuing CA are not correctly applied to URI names. A remote attacker can supply a crafted certificate chain to bypass certificate name constraints validation.

Exploitation requires a compromised or malicious subordinate CA whose own certificate carries name constraints.
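Name-constraint evaluation for URI SANs following RFC 5280 section 4.2.1.10, as an added example that is not wolfSSL's asn.c logic: `uri_host`, `uri_in_subtree` and `uri_san_allowed` are names introduced here, and the URIs and subtrees are constructed. The point a chain validator must get right is that the constraint applies to the host part only, after any userinfo is skipped, so neither a path that mentions example.com nor a `user@` prefix that looks like a permitted host can satisfy the subtree ".example.com".

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Locate the host of an absolute URI: the authority follows "://" and ends at
 * '/', '?' or '#'; any "userinfo@" is skipped and a ":port" is trimmed.
 * Returns the host length and sets *host, or 0 when the URI has no usable DNS
 * host (no authority, empty host, or a bracketed IP literal). */
size_t uri_host(const char *uri, const char **host) {
    const char *a = strstr(uri, "://"), *at;
    size_t alen, hlen = 0;
    if (a == NULL) return 0;
    a += 3;
    alen = strcspn(a, "/?#");
    at = memchr(a, '@', alen);
    if (at != NULL) { alen -= (size_t)(at + 1 - a); a = at + 1; }
    if (alen == 0 || a[0] == '[') return 0;
    while (hlen < alen && a[hlen] != ':') hlen++;
    *host = a;
    return hlen;
}

/* 1 if the URI's host lies within `constraint` (RFC 5280 section 4.2.1.10):
 * ".example.com" covers every host below example.com but not example.com
 * itself; "host.example.com" covers exactly that host. */
int uri_in_subtree(const char *uri, const char *constraint) {
    const char *host;
    size_t hlen = uri_host(uri, &host), clen = strlen(constraint);
    if (hlen == 0 || clen == 0) return 0;
    if (constraint[0] == '.')
        return hlen > clen && eq_nocase(host + hlen - clen, constraint, clen);
    return hlen == clen && eq_nocase(host, constraint, clen);
}

/* Apply a CA's name constraints to one URI SAN: any excluded-subtree hit is
 * fatal; if permitted subtrees for URIs exist, at least one must match. */
int uri_san_allowed(const char *uri, const char *const *permitted, size_t np,
                    const char *const *excluded, size_t ne) {
    for (size_t i = 0; i < ne; i++)
        if (uri_in_subtree(uri, excluded[i])) return 0;
    if (np == 0) return 1;
    for (size_t i = 0; i < np; i++)
        if (uri_in_subtree(uri, permitted[i])) return 1;
    return 0;
}

int main(void) {
    static const char *permitted[] = { ".example.com" };
    static const char *excluded[]  = { ".internal.example.com" };
    static const char *uris[] = {   /* constructed SAN values */
        "https://www.example.com/path", "https://example.com/",
        "https://example.com@evil.com/", "https://evil.com/www.example.com",
        "https://db.internal.example.com/", "mailto:user@example.com" };
    for (size_t i = 0; i < sizeof uris / sizeof uris[0]; i++)
        printf("%-36s -> %s\n", uris[i],
               uri_san_allowed(uris[i], permitted, 1, excluded, 1) ? "allowed" : "rejected");
    return 0;
}
```

A URI with no authority component (such as a mailto: URI) cannot satisfy a permitted subtree, so it is rejected whenever the CA constrains URIs at all; that is the conservative reading of the RFC and the one that keeps a constrained sub-CA from minting names outside its scope.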


21) Heap-based buffer overflow (CVE-ID: CVE-2026-5264)

The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability exists due to a heap-based buffer overflow in DTLS 1.3 ACK message processing when handling a crafted DTLS 1.3 ACK message. A remote attacker can send a specially crafted DTLS 1.3 ACK message to execute arbitrary code or cause a denial of service.


Remediation

Install the update from the vendor's website. Several of the issues above are gated on build options (experimental dual-algorithm certificates, the sniffer, ARIA, PKCS7, the original ASN.1 parser, the OpenSSL compatibility layer); the generated wolfssl/options.h header records which options a deployed build was configured with, which makes it the quickest way to tell which items apply to a given installation.