CVE-2026-3229

LOW EPSS 0.0%
Published Mar 19, 20263mo ago · Modified Mar 26, 20263mo ago
1.2 CVSS 4.0
Low
Find Similar
Published Mar 19, 2026 3mo ago
Last Modified Mar 26, 2026 3mo ago

Description

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these API: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. These API are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-haproxy. This issue is not remotely exploitable, and would require that the application context loading certificates is compromised.

CVSS Details

Base Score
1.2
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
0.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-122

Affected Products 1

VendorProductVersionRange
wolfsslwolfssl* <5.9.0

References 1

  • github.com https://github.com/wolfSSL/wolfssl/pull/9827
    PatchIssue Tracking

Remediation

  • github.com https://github.com/wolfSSL/wolfssl/pull/9827
    PatchIssue Tracking