Out-of-bounds read in wolfSSL - CVE-2026-6094
Published: July 1, 2026
wolfSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in the wc_PKCS7_DecodeEnvelopedData function when parsing crafted PKCS7 EnvelopedData. A remote attacker can supply crafted PKCS7 EnvelopedData to cause a denial of service.
The out-of-bounds read could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.