Heap-based buffer overflow in wolfSSL - CVE-2026-6679

Published: July 1, 2026

Vulnerability identifier: #VU136629
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-6679
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: wolfSSL
Affected software:
wolfSSL

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a heap-based buffer overflow in the DTLS 1.3 ACK serialization path when computing the length of the ACK record-number list. A remote attacker can send crafted DTLS 1.3 traffic to execute arbitrary code.

The issue occurs before the connecting peer is authenticated and affects builds using DTLS 1.3.
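As an added example (not wolfSSL's code, and not a reconstruction of the affected function), the following C shows the property the advisory's description turns on being enforced: the serialized size of the DTLS 1.3 ACK record-number list is computed with a wraparound check and validated against the destination buffer before any byte is written, and the receiving side rejects a body whose length prefix disagrees with the bytes actually received. It assumes the ACK body layout from RFC 9147 section 7 (a 2-byte length prefix, then 16 bytes per RecordNumber); the function names and the sample record numbers are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not wolfSSL source: a checked serializer and
 * parser for the DTLS 1.3 ACK body (RFC 9147, section 7). The body is a
 * 2-byte length prefix followed by RecordNumber entries, each an 8-byte
 * epoch and an 8-byte sequence_number, so 16 bytes per entry. */
#define ACK_LEN_PREFIX   2u
#define ACK_RN_SIZE      16u
#define ACK_MAX_VEC_LEN  0xFFFFu   /* largest value a 2-byte length can carry */

typedef struct { uint64_t epoch; uint64_t seq; } RecordNumber;

/* Bytes the ACK body needs for `count` entries, or 0 when the vector cannot
 * be represented. Comparing against a quotient instead of computing
 * count * ACK_RN_SIZE first avoids integer wraparound when count is large. */
size_t ack_serialized_size(size_t count)
{
    if (count > ACK_MAX_VEC_LEN / ACK_RN_SIZE)
        return 0;
    return ACK_LEN_PREFIX + count * ACK_RN_SIZE;
}

static void put_u64(unsigned char *p, uint64_t v)
{
    for (int i = 7; i >= 0; i--) { p[i] = (unsigned char)(v & 0xff); v >>= 8; }
}

static uint64_t get_u64(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
    return v;
}

/* Write the ACK body into out[0..outCap). Returns bytes written, or -1 when
 * the computed length does not fit. The capacity check runs before the
 * first byte is stored, which is exactly the guarantee a miscomputed
 * length in a heap-allocated output buffer would break. */
int ack_serialize(const RecordNumber *rns, size_t count,
                  unsigned char *out, size_t outCap)
{
    size_t need = ack_serialized_size(count);
    if (need == 0 || need > outCap)
        return -1;
    uint16_t vecLen = (uint16_t)(need - ACK_LEN_PREFIX);
    out[0] = (unsigned char)(vecLen >> 8);
    out[1] = (unsigned char)(vecLen & 0xff);
    for (size_t i = 0; i < count; i++) {
        unsigned char *e = out + ACK_LEN_PREFIX + i * ACK_RN_SIZE;
        put_u64(e, rns[i].epoch);
        put_u64(e + 8, rns[i].seq);
    }
    return (int)need;
}

/* Parse an ACK body received from the peer into rns[0..maxRns). Returns the
 * number of entries, or -1 on a malformed body (truncated, length prefix not
 * a multiple of the entry size, or more entries than the caller can hold). */
int ack_parse(const unsigned char *in, size_t inLen,
              RecordNumber *rns, size_t maxRns)
{
    if (inLen < ACK_LEN_PREFIX)
        return -1;
    size_t vecLen = ((size_t)in[0] << 8) | in[1];
    if (vecLen % ACK_RN_SIZE != 0 || vecLen > inLen - ACK_LEN_PREFIX)
        return -1;
    size_t count = vecLen / ACK_RN_SIZE;
    if (count > maxRns)
        return -1;
    for (size_t i = 0; i < count; i++) {
        const unsigned char *e = in + ACK_LEN_PREFIX + i * ACK_RN_SIZE;
        rns[i].epoch = get_u64(e);
        rns[i].seq = get_u64(e + 8);
    }
    return (int)count;
}

/* Round-trip and rejection checks on constructed input; 1 on success. */
int ack_roundtrip_check(void)
{
    const RecordNumber sent[2] = { { 2, 7 }, { 3, 1 } };  /* constructed */
    unsigned char buf[64];
    RecordNumber got[2];
    int n = ack_serialize(sent, 2, buf, sizeof buf);
    if (n != 34) return 0;
    if (ack_serialize(sent, 2, buf, 20) != -1) return 0;  /* too small: refused */
    if (ack_parse(buf, (size_t)n, got, 2) != 2) return 0;
    if (ack_parse(buf, 20, got, 2) != -1) return 0;       /* truncated: refused */
    return got[0].epoch == 2 && got[0].seq == 7 &&
           got[1].epoch == 3 && got[1].seq == 1;
}

int main(void)
{
    printf("ack round-trip: %s\n", ack_roundtrip_check() ? "ok" : "FAILED");
    return 0;
}
```

The point of the pairing is that the same arithmetic drives both the allocation size and the write loop, so a single checked size function is the place to stop a mismatch; the parser mirrors that check so a peer cannot make the receiving side trust a length prefix the received bytes do not back up.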

How to mitigate CVE-2026-6679

Install security update from vendor's website.

Sources