Heap-based buffer overflow in wolfSSL - CVE-2026-6679
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a heap-based buffer overflow in the DTLS 1.3 ACK serialization path when computing the length of the ACK record-number list. A remote attacker can send crafted DTLS 1.3 traffic to execute arbitrary code.
The issue occurs before the connecting peer is authenticated and affects builds using DTLS 1.3.
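The advisory gives no root-cause detail beyond the length computation, so the following is an added example, not wolfSSL code: a bounds-checked serializer for the DTLS 1.3 ACK body, showing the two checks such a path needs (entry count against the 16-bit list length, computed length against the output buffer). The wire layout is taken from RFC 9147 section 7; `record_number`, `ack_body_len` and `ack_serialize` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 9147 section 7: ACK = 2-byte list length + N * RecordNumber (epoch, seq). */
#define RN_SIZE    16u                 /* uint64 epoch + uint64 sequence_number */
#define LEN_PREFIX 2u
#define MAX_RN     (0xFFFFu / RN_SIZE) /* 4095: most entries a 16-bit length can describe */

typedef struct { uint64_t epoch; uint64_t seq; } record_number; /* hypothetical type */

/* Compute the ACK body length in size_t, rejecting counts the 16-bit prefix cannot hold. */
int ack_body_len(size_t count, size_t *out_len)
{
    if (count > MAX_RN)
        return -1;
    *out_len = LEN_PREFIX + count * RN_SIZE;
    return 0;
}

static void put_u64(uint8_t *p, uint64_t v)
{
    for (int i = 7; i >= 0; i--) { p[i] = (uint8_t)v; v >>= 8; }
}

/* Serialize only after the computed length has been checked against the buffer. */
long ack_serialize(const record_number *rn, size_t count, uint8_t *out, size_t cap)
{
    size_t need;
    if (ack_body_len(count, &need) != 0 || need > cap)
        return -1;
    size_t list_len = need - LEN_PREFIX;
    out[0] = (uint8_t)(list_len >> 8);
    out[1] = (uint8_t)list_len;
    for (size_t i = 0; i < count; i++) {
        put_u64(out + LEN_PREFIX + i * RN_SIZE, rn[i].epoch);
        put_u64(out + LEN_PREFIX + i * RN_SIZE + 8, rn[i].seq);
    }
    return (long)need;
}

int main(void)
{
    record_number rn[2] = { {3, 0x0102}, {3, 7} };  /* constructed sample */
    uint8_t buf[64];
    printf("2 records, 64-byte buffer: %ld\n", ack_serialize(rn, 2, buf, sizeof buf));
    printf("2 records, 33-byte buffer: %ld\n", ack_serialize(rn, 2, buf, 33));
    return 0;
}
```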