PT-2026-26368 · Wolfssl · Wolfssl Wolfcrypt

Haruto Kimura · Published 2026-03-19 · Updated 2026-03-22 · CVE-2026-4395

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: wolfSSL wolfcrypt (affected versions not specified)
Description: A heap-based buffer overflow exists in the KCAPI ECC code path of the wc_ecc_import_x963_ex() function. A remote attacker can write past the end of the pubkey_raw buffer by supplying a crafted, oversized EC public key point. The cause is that the WOLFSSL_KCAPI_ECC code path copies the point with XMEMCPY without validating the input length against the destination, unlike the ATECC code path, which does check it. The bug is reachable during the TLS key exchange: a malicious peer sends a crafted ECPoint in ServerKeyExchange, so a client that imports the server's ephemeral public key through this path is the target.
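The length-handling difference the description draws is shown below as an added illustration in C. It is not wolfSSL's code: the buffer size, the struct, the function names and the error codes are assumptions chosen to mirror the pattern the advisory describes (a fixed raw public-key buffer filled by a memcpy from a peer-supplied X9.63 point), and the sample points are constructed filler bytes, not real curve points. The unchecked importer is kept only for contrast; the scenarios exercise the hardened one.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative sizes (assumed, not wolfSSL's): room for two coordinates of
 * the largest curve this demo accepts; 66 bytes per coordinate covers P-521. */
#define DEMO_MAX_COORD_BYTES 66
#define DEMO_RAW_PUBKEY_MAX  (2 * DEMO_MAX_COORD_BYTES)

/* Stand-in for a key object that keeps the raw point (x || y) for a kernel
 * crypto back end; the field name mirrors the advisory's pubkey_raw. */
typedef struct {
    unsigned char pubkey_raw[DEMO_RAW_PUBKEY_MAX];
    size_t        pubkey_raw_len;
} demo_ecc_key;

enum { DEMO_OK = 0, DEMO_BAD_ARG = -1, DEMO_BAD_LEN = -2, DEMO_UNSUPPORTED = -3 };

/* Vulnerable pattern: the copy length comes straight from the peer. A point
 * longer than 1 + DEMO_RAW_PUBKEY_MAX bytes writes past pubkey_raw.
 * Never call this with untrusted input; it is here for contrast only. */
int demo_import_x963_unchecked(const unsigned char *in, size_t inLen,
                               demo_ecc_key *key)
{
    if (in == NULL || key == NULL || inLen < 1)
        return DEMO_BAD_ARG;
    if (in[0] != 0x04)                  /* only uncompressed points handled */
        return DEMO_UNSUPPORTED;
    memcpy(key->pubkey_raw, in + 1, inLen - 1);  /* no bound on inLen - 1 */
    key->pubkey_raw_len = inLen - 1;
    return DEMO_OK;
}

/* Hardened form: the point must be exactly 1 + 2*coordBytes long for the
 * negotiated curve, and that length must fit the destination buffer. */
int demo_import_x963_checked(const unsigned char *in, size_t inLen,
                             size_t coordBytes, demo_ecc_key *key)
{
    if (in == NULL || key == NULL || inLen < 1)
        return DEMO_BAD_ARG;
    if (coordBytes == 0 || coordBytes > DEMO_MAX_COORD_BYTES)
        return DEMO_BAD_ARG;
    if (in[0] != 0x04)
        return DEMO_UNSUPPORTED;
    if (inLen - 1 != 2 * coordBytes)    /* rejects short and oversized points */
        return DEMO_BAD_LEN;
    if (inLen - 1 > sizeof(key->pubkey_raw))  /* explicit destination bound */
        return DEMO_BAD_LEN;
    memcpy(key->pubkey_raw, in + 1, inLen - 1);
    key->pubkey_raw_len = inLen - 1;
    return DEMO_OK;
}

/* Predicts whether the unchecked importer would overrun pubkey_raw for a
 * given encoded length, without performing the copy. */
int demo_unchecked_would_overflow(size_t inLen)
{
    return inLen > 1 && (inLen - 1) > DEMO_RAW_PUBKEY_MAX;
}

/* Builds a constructed uncompressed point with coordBytes-byte coordinates.
 * Coordinates are filler, not a real curve point; only the length matters. */
static size_t demo_build_x963(unsigned char *out, size_t outCap, size_t coordBytes)
{
    size_t n = 1 + 2 * coordBytes;
    if (n > outCap)
        return 0;
    out[0] = 0x04;
    memset(out + 1, 0xAB, n - 1);
    return n;
}

/* A well-formed P-256-sized point (1 + 64 bytes): accepted by the checked importer. */
int demo_scenario_valid_p256(void)
{
    demo_ecc_key key;
    unsigned char msg[256];
    size_t n = demo_build_x963(msg, sizeof msg, 32);
    return demo_import_x963_checked(msg, n, 32, &key);
}

/* A crafted point with 100-byte coordinates (201 bytes total) while the
 * negotiated curve is P-256: the checked importer refuses it, whereas the
 * unchecked one would copy 200 bytes into a 132-byte buffer. */
int demo_scenario_oversized(void)
{
    demo_ecc_key key;
    unsigned char msg[512];
    size_t n = demo_build_x963(msg, sizeof msg, 100);
    return demo_import_x963_checked(msg, n, 32, &key);
}

int main(void)
{
    printf("valid P-256 point:   %d\n", demo_scenario_valid_p256());
    printf("oversized point:     %d\n", demo_scenario_oversized());
    printf("unchecked overflow?: %d\n", demo_unchecked_would_overflow(201));
    return 0;
}
```

The check that matters is the one tying the accepted length to the negotiated curve: a destination-size bound alone would still accept a point that is wrong for the curve, and a curve-size check alone relies on the buffer being at least as large as the biggest supported curve, so the hardened importer applies both.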
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Because the overflow lies in the KCAPI ECC code path, exposure depends on whether wolfSSL was built with WOLFSSL_KCAPI_ECC enabled; check the build options of the deployed library to determine whether the affected path is compiled in.

Weakness Enumeration

Heap Based Buffer Overflow

Related identifiers

CVE-2026-4395

Affected products

Wolfssl Wolfcrypt