CVE-2026-3547

High CVSS: 7.5

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.

Vendor

Wolfssl

Product

Wolfssl

CWE

CWE-125

Yayın Tarihi

2026-03-19 21:17:12

Güncelleme

2026-03-26 18:27:31

Source Identifier

facts@wolfssl.com

KEV Date Added

Kategoriler

CWE-125 Wolfssl HIGH Wolfssl 2026

Referanslar

https://github.com/wolfSSL/wolfssl/pull/9859

Benzer Kayıtlar

Medium

CVE-2026-3849

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (E…

Low

CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote at…

Low

CVE-2026-3229

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when…

Low

CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a c…

High

CVE-2026-3549

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buf…

Low

CVE-2026-3579

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The…