CVE-2026-2646

Severity: Medium (CVSS 4.0 base score 5.0) · EPSS 2.4%
Published Mar 19, 2026 (3 months ago) · Modified Jun 17, 2026 (1 week ago)

Description

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable.
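The defect class in the description, shown defensively as an added example (not wolfSSL's own code or session encoding): the blob layout, the field caps and all names below are constructed, and the point is that each untrusted length is validated against both the remaining input and the fixed destination capacity before anything is copied.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration, not wolfSSL's real session format: a blob is
 * [u16 id_len][id][u16 cert_len][cert]. The fixed-size members stand in for
 * the heap object the CVE says was overflowed when lengths were trusted. */
#define MAX_ID_LEN   32
#define MAX_CERT_LEN 64

typedef struct {
    uint8_t  id[MAX_ID_LEN];
    uint8_t  cert[MAX_CERT_LEN];
    uint16_t id_len, cert_len;
} session_t;

enum { SESS_OK = 0, SESS_TRUNCATED = -1, SESS_TOO_LONG = -2, SESS_TRAILING = -3 };

/* Copy one length-prefixed field. The untrusted length is checked against
 * both the destination capacity and the remaining input before memcpy;
 * omitting the capacity check is the defect class described in the CVE. */
static int read_field(const uint8_t *buf, size_t len, size_t *pos,
                      uint8_t *dst, size_t cap, uint16_t *out_len)
{
    uint16_t n;
    if (len - *pos < 2) return SESS_TRUNCATED;      /* no room for the length */
    n = (uint16_t)((buf[*pos] << 8) | buf[*pos + 1]);
    *pos += 2;
    if (n > cap) return SESS_TOO_LONG;              /* would overflow dst */
    if (n > len - *pos) return SESS_TRUNCATED;      /* would read past input */
    memcpy(dst, buf + *pos, n);
    *pos += n;
    *out_len = n;
    return SESS_OK;
}

int session_deserialize(const uint8_t *buf, size_t len, session_t *s)
{
    size_t pos = 0;
    int rc;
    memset(s, 0, sizeof(*s));
    if ((rc = read_field(buf, len, &pos, s->id, MAX_ID_LEN, &s->id_len)) != SESS_OK) return rc;
    if ((rc = read_field(buf, len, &pos, s->cert, MAX_CERT_LEN, &s->cert_len)) != SESS_OK) return rc;
    return pos == len ? SESS_OK : SESS_TRAILING;    /* reject unconsumed bytes */
}

/* Constructed sample inputs: a well-formed blob, one whose id_len (0x1000)
 * exceeds MAX_ID_LEN, and one whose id_len outruns the input. */
static const uint8_t good_blob[]      = { 0x00,0x03,'a','b','c', 0x00,0x02,0xAA,0xBB };
static const uint8_t oversized_blob[] = { 0x10,0x00,'x' };
static const uint8_t short_blob[]     = { 0x00,0x05,'a' };
int parse_sample(const uint8_t *b, size_t n) { session_t s; return session_deserialize(b, n, &s); }
```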

CVSS Details

Base Score
5.0
Vector string
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-122 Heap-based Buffer Overflow
CWE-787 Out-of-bounds Write (Memory Safety)

Affected Products 1

Vendor    Product   Version Range
wolfssl   wolfssl   * <5.9.0

References 2

  • github.com https://github.com/wolfSSL/wolfssl/pull/9748
    Issue Tracking, Patch
  • github.com https://github.com/wolfSSL/wolfssl/pull/9949
    Issue Tracking, Patch

Remediation

  • github.com https://github.com/wolfSSL/wolfssl/pull/9748
    Issue Tracking, Patch
  • github.com https://github.com/wolfSSL/wolfssl/pull/9949
    Issue Tracking, Patch