CVE-2026-3549

Severity: High (CVSS 4.0 base score 8.3) · EPSS 38.3%
Published Mar 19, 2026 · Last Modified Mar 26, 2026

Description

Heap overflow in TLS 1.3 ECH (Encrypted Client Hello) parsing. An integer underflow in the ECH extension parsing logic, while calculating a buffer length, could yield an oversized length for a malformed ECH extension received from the network and result in writes beyond the bounds of an allocated heap buffer. Note that ECH is off by default in wolfSSL, so only builds that enable it reach the affected code, and the ECH standard is still evolving.
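The bug class the description names, shown as a constructed example that is not wolfSSL's code and does not claim to reproduce the exact wolfSSL defect: a parser derives "bytes remaining" for an ECH payload by unsigned subtraction, so a peer-supplied length larger than the enclosing extension wraps the result instead of failing. The wire layout is the ECHClientHello "outer" body from draft-ietf-tls-esni; the function names, the EchOuter struct and both sample byte strings are constructed for this illustration. The vulnerable derivation is placed beside a bounds-checked one and a parser that uses the checked form.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Constructed example, not wolfSSL's code. It models an unsigned length derived
 * by subtraction without a prior bounds check, on the ECHClientHello "outer"
 * body from draft-ietf-tls-esni:
 *
 *   type(1) | kdf_id(2) | aead_id(2) | config_id(1) |
 *   enc_len(2) | enc[enc_len] | payload_len(2) | payload[payload_len]
 *
 * Field sizes follow the draft; everything else is an assumption.
 */
#define ECH_OUTER        0
#define ECH_FIXED_HDR    8   /* type + cipher_suite(4) + config_id + enc_len */
#define ECH_PAYLOAD_LEN  2   /* the payload_len field itself */

typedef struct {
    uint16_t kdf_id, aead_id;
    uint8_t  config_id;
    const uint8_t *enc;     size_t enc_len;
    const uint8_t *payload; size_t payload_len;
} EchOuter;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(((uint16_t)p[0] << 8) | p[1]); }

/* VULNERABLE pattern: bytes left after the header and enc, by plain subtraction.
 * If ext_len < ECH_FIXED_HDR + enc_len the result wraps to a huge value, and any
 * buffer sized from it or copied with it is overrun. */
uint32_t ech_rest_vuln(uint32_t ext_len, uint32_t enc_len)
{
    return ext_len - ECH_FIXED_HDR - enc_len;
}

/* HARDENED pattern: prove ext_len covers the header and enc before subtracting,
 * and require room for the payload_len field that follows. Returns 1 if valid. */
int ech_rest_safe(uint32_t ext_len, uint32_t enc_len, uint32_t *rest)
{
    if (ext_len < ECH_FIXED_HDR) return 0;
    if (enc_len > ext_len - ECH_FIXED_HDR) return 0;
    *rest = ext_len - ECH_FIXED_HDR - enc_len;
    return *rest >= ECH_PAYLOAD_LEN;
}

/* Bounds-checked parser for the outer ECHClientHello body. Returns 1 on success;
 * the extension must be consumed exactly, with a non-empty payload. */
int ech_parse_outer(const uint8_t *ext, size_t ext_len, EchOuter *out)
{
    uint32_t rest;
    if (ext_len > UINT16_MAX || ext_len < ECH_FIXED_HDR) return 0;
    if (ext[0] != ECH_OUTER) return 0;
    out->kdf_id    = rd16(ext + 1);
    out->aead_id   = rd16(ext + 3);
    out->config_id = ext[5];
    out->enc_len   = rd16(ext + 6);
    out->enc       = ext + ECH_FIXED_HDR;
    if (!ech_rest_safe((uint32_t)ext_len, (uint32_t)out->enc_len, &rest)) return 0;
    out->payload_len = rd16(out->enc + out->enc_len);          /* safe: rest >= 2 */
    out->payload     = out->enc + out->enc_len + ECH_PAYLOAD_LEN;
    if (out->payload_len == 0 || out->payload_len != rest - ECH_PAYLOAD_LEN) return 0;
    return 1;
}

/* Constructed well-formed outer body: enc = 3 bytes, payload = 4 bytes. */
static const uint8_t good_ext[] = {
    0x00,                              /* type = outer */
    0x00, 0x01,                        /* kdf_id  = HKDF-SHA256 */
    0x00, 0x01,                        /* aead_id = AES-128-GCM */
    0x2a,                              /* config_id */
    0x00, 0x03, 0xaa, 0xbb, 0xcc,      /* enc_len = 3, enc */
    0x00, 0x04, 0xde, 0xad, 0xbe, 0xef /* payload_len = 4, payload */
};

/* Constructed malformed body: enc_len claims 0x20 bytes but only 2 follow. */
static const uint8_t bad_ext[] = {
    0x00, 0x00, 0x01, 0x00, 0x01, 0x2a,
    0x00, 0x20, 0x11, 0x22
};

int demo_good_payload_len(void)
{
    EchOuter o;
    return ech_parse_outer(good_ext, sizeof good_ext, &o) ? (int)o.payload_len : -1;
}

int demo_bad_rejected(void)
{
    EchOuter o;
    return ech_parse_outer(bad_ext, sizeof bad_ext, &o) == 0;
}

/* With the malformed lengths the vulnerable derivation exceeds the whole extension. */
int demo_vuln_wraps(void)
{
    uint32_t v = ech_rest_vuln((uint32_t)sizeof bad_ext, 0x20);
    return v > sizeof bad_ext;
}

int main(void)
{
    printf("good payload_len=%d  bad rejected=%d  vuln derivation wraps=%d\n",
           demo_good_payload_len(), demo_bad_rejected(), demo_vuln_wraps());
    return 0;
}
```

The check in ech_rest_safe is written as two comparisons rather than `ext_len >= ECH_FIXED_HDR + enc_len` so that the right-hand side cannot itself wrap for a large enc_len; that is the general rule for any length derived from untrusted TLS extension fields.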

CVSS Details

Base Score: 8.3 (CVSS 4.0, High)
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploitability metrics
Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): Present
Privileges Required (PR): None
User Interaction (UI): None

Impact metrics, vulnerable system
Confidentiality (VC): Low
Integrity (VI): Low
Availability (VA): High

Impact metrics, subsequent system
Confidentiality (SC): Low
Integrity (SI): Low
Availability (SA): Low

Threat, environmental and supplemental metrics: Not Defined (X). CVSS 4.0 has no Scope metric; the trailing S:X in the vector is the Safety supplemental metric, left undefined here.

Threat Intelligence

EPSS Exploit Probability: 38.3% percentile
Exploit & Patch Status: No Known Exploit · Patch Available

Weaknesses 1

CWE-122 Heap-based Buffer Overflow

Affected Products 1

Vendor   Product   Version   Range
wolfssl  wolfssl   *         < 5.9.0

References 1

  • github.com https://github.com/wolfSSL/wolfssl/pull/9817
    Issue Tracking · Patch

Remediation

Upgrade to wolfSSL 5.9.0 or later; the fix is the pull request listed above (https://github.com/wolfSSL/wolfssl/pull/9817). ECH is off by default in wolfSSL, so only builds that enable it reach the affected parsing code; where an immediate upgrade is not possible, leaving ECH disabled is the stopgap.