Buffer overflow in wolfSSL - CVE-2026-5448

 

Buffer overflow in wolfSSL - CVE-2026-5448

Published: April 14, 2026


Vulnerability identifier: #VU125940
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-5448
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: wolfSSL
Affected software:
wolfSSL

Detailed vulnerability description

The vulnerability allows a remote user to cause a denial of service or execute arbitrary code.

The vulnerability exists due to a buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore when parsing date fields from a crafted X.509 certificate via the compatibility layer API. A remote user can supply a crafted X.509 certificate to cause a denial of service or execute arbitrary code.

This is only triggered when an application calls these APIs directly and does not affect TLS or certificate verification operations.


How to mitigate CVE-2026-5448

Install security update from vendor's website.

Sources