PT-2026-26312 · Wolfssl · Wolfssl
Maor Caplan · Published 2026-03-19 · Updated 2026-03-23 · CVE-2026-0819
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
wolfSSL (affected versions not specified)
Description
A stack buffer overflow exists in the PKCS7 SignedData encoding functionality of wolfSSL. Specifically, the wc_PKCS7_BuildSignedAttributes() function incorrectly calculates the capacity value passed to the EncodeAttributes() function when adding custom signed attributes. This leads to writing beyond the bounds of the signedAttribs[7] array, resulting in stack memory corruption. In builds utilizing a small stack, this can manifest as heap corruption. Successful exploitation requires an application that permits untrusted input to control the size of the signedAttribs array when calling wc_PKCS7_EncodeSignedData() or related signing functions.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
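The capacity error in the description, shown as a simplified C model with the remaining-slot calculation done correctly. This is an added example, not wolfSSL source: the types, function names and the number of default attributes are hypothetical, and the exact arithmetic of the flawed calculation is assumed, since the page does not give it.

```c
#include <stddef.h>

#define ATTRIB_SLOTS 7  /* size of signedAttribs[7] named in the advisory */

typedef struct { int oid_id; } Attrib;        /* hypothetical attribute */
typedef struct { int oid_id; } EncodedAttrib; /* hypothetical encoded slot */

/* Copies `count` attributes into `out`, refusing to exceed `capacity`.
 * It can only be as safe as the capacity the caller passes in. */
static int encode_attribs(EncodedAttrib *out, size_t capacity,
                          const Attrib *in, size_t count)
{
    size_t i;
    if (count > capacity)
        return -1;
    for (i = 0; i < count; i++)
        out[i].oid_id = in[i].oid_id;
    return (int)count;
}

/* Fills out[ATTRIB_SLOTS] with default attributes, then caller-supplied ones.
 * Returns the total number of slots used, or -1 if they do not fit. */
int build_signed_attribs(EncodedAttrib out[ATTRIB_SLOTS],
                         const Attrib *defaults, size_t n_defaults,
                         const Attrib *custom, size_t n_custom)
{
    int used, added;

    used = encode_attribs(out, ATTRIB_SLOTS, defaults, n_defaults);
    if (used < 0)
        return -1;
    /* Flawed pattern (assumed for illustration): passing ATTRIB_SLOTS here
     * ignores the slots already used, so the encoder's own check would let
     * the custom attributes run past the end of out[]. The capacity must be
     * the slots that remain. */
    added = encode_attribs(out + used, ATTRIB_SLOTS - (size_t)used,
                           custom, n_custom);
    if (added < 0)
        return -1;
    return used + added;
}
```

An application that accepts attribute counts from untrusted input can apply the same remaining-slot check before it calls the signing function.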
Stack Overflow
Memory Corruption
Affected Products
Wolfssl