CVE-2026-4159 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out…
Low CVSS: 1.2

CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.
Vendor
-
Product
-
CWE
CWE-125
Yayın Tarihi
2026-03-19 22:16:42
Güncelleme
2026-03-20 13:37:50
Source Identifier
facts@wolfssl.com
KEV Date Added
-

Kategoriler

CWE-125 LOW 2026

Referanslar

https://github.com/wolfSSL/wolfssl/pull/9945