Integer underflow in wolfSSL - CVE-2026-5188

 

Integer underflow in wolfSSL - CVE-2026-5188

Published: April 14, 2026


Vulnerability identifier: #VU125939
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-5188
CWE-ID: CWE-191
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: wolfSSL
Affected software:
wolfSSL

Detailed vulnerability description

The vulnerability allows a remote attacker to cause incorrect handling of certificate data.

The vulnerability exists due to an integer underflow in Subject Alternative Name extension parsing when processing a malformed X.509 certificate. A remote attacker can supply a malformed certificate with an entry length larger than the enclosing sequence to cause incorrect handling of certificate data.

The issue is limited to configurations using the original ASN.1 parsing implementation, which is off by default.


How to mitigate CVE-2026-5188

Install security update from vendor's website.

Sources