Wolfssl
By the Year
In 2026 there have been 18 vulnerabilities in Wolfssl, with an average score of 7.5 out of ten. Last year, in 2025, Wolfssl had 12 security vulnerabilities published. That is, 6 more vulnerabilities have already been reported in 2026 than last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 18 | 7.50 |
| 2025 | 12 | 0.00 |
| 2024 | 9 | 6.44 |
| 2023 | 1 | 8.80 |
| 2022 | 17 | 6.49 |
| 2021 | 5 | 7.70 |
| 2020 | 6 | 6.37 |
| 2019 | 11 | 9.02 |
| 2018 | 1 | 4.70 |
It may take a day or so for new Wolfssl vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Wolfssl Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-4159 | Mar 19, 2026 | **wolfSSL <=5.8.4 OOB Heap Read wc_PKCS7_DecodeEnvelopedData** 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default. | |
| CVE-2026-3229 | Mar 19, 2026 | **Integer Overflow in wolfSSL wolfssl_add_to_chain <5.9.0** An integer overflow vulnerability existed in the static function wolfssl_add_to_chain that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these APIs: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. These APIs are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-haproxy. This issue is not remotely exploitable, and would require that the application context loading certificates is compromised. | |
| CVE-2026-3230 | Mar 19, 2026 | **Missing TLS1.3 HRR Step in wolfSSL Leading to Predictable Secrets** Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes. | |
| CVE-2026-4395 | Mar 19, 2026 | **Heap Overflow in wolfSSL ECC Import via Oversized EC Point** Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange. | |
| CVE-2026-3849 | Mar 19, 2026 | **Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config - wolfSSL 5.8.4** Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech. | |
| CVE-2026-3547 | Mar 19, 2026 | **WolfSSL <=5.8.4 ALPN OOB Read Crash** Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic. | |
| CVE-2026-3549 | Mar 19, 2026 | **CVE-2026-3549: Heap Overflow in wolfSSL 0-5.9.0 TLS1.3 ECH Parsing** Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving. | |
| CVE-2026-3580 | Mar 19, 2026 | **WolfSSL 5.8.4 RISC-V Timing Leak in sp_256_get_entry_256_9 ECC** In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis. | |
| CVE-2026-3579 | Mar 19, 2026 | **wolfSSL 5.8.4 on RISC-V RV32I Lacks Constant-Time 64-bit Mul: Timing Side-Channel** wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data. | |
| CVE-2026-3503 | Mar 19, 2026 | **wolfSSL wolfCrypt PQ ML-KEM/ML-DSA Physical Fault Vulnerability** Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion. This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6. | |