CVE-2026-3549

High CVSS: 8.3

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.

Vendor

Wolfssl

Product

Wolfssl

CWE

CWE-122

Yayın Tarihi

2026-03-19 21:17:12

Güncelleme

2026-03-26 18:21:41

Source Identifier

facts@wolfssl.com

KEV Date Added

Kategoriler

CWE-122 Wolfssl HIGH Wolfssl 2026

Referanslar

https://github.com/wolfSSL/wolfssl/pull/9817

Benzer Kayıtlar

Medium

CVE-2026-3849

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (E…

Low

CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote at…

Low

CVE-2026-3229

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when…

Low

CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a c…

High

CVE-2026-3547

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds re…

Low

CVE-2026-3579

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The…