PT-2026-26313 · Wolfssl · Wolfssl

Prasanth Sundararajan · Published 2026-03-19 · Updated 2026-03-23 · CVE-2026-1005

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.8.4

Description: An integer underflow in the packet sniffer component of wolfSSL allows an attacker to cause a heap buffer overflow in the sniffer's AEAD decryption path. The sniffer function ssl_DecodePacket derives the ciphertext length of a TLS record by subtracting the explicit IV (initialization vector) and the authentication tag from the record length. When a TLS Application Data record shorter than that expected minimum is injected into the traffic the sniffer is inspecting, the subtraction underflows, the resulting very large length is passed to the AEAD decryption routines, and the decrypt overruns the heap buffer, crashing the inspecting process. The condition is reachable remotely by an unauthenticated attacker who can place malformed TLS Application Data records on a link the sniffer observes. Confidentiality and integrity are not affected (C:N/I:N); the impact is loss of availability of the inspecting process (A:L).

Recommendations: Update to wolfSSL 5.8.4 or later. The vulnerable code path exists only in builds that include the sniffer component (wolfSSL's --enable-sniffer / WOLFSSL_SNIFFER build option), so check whether the sniffer is compiled into the deployed build when assessing exposure; the length check that prevents the underflow belongs before the subtraction, not after it.
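The arithmetic the description refers to, as an added example in C that is not wolfSSL's own sniffer code: a simplified AEAD record-length computation in its underflowing form beside the bounds-checked form, driven over two constructed TLS Application Data records. The constants AEAD_EXP_IV_SZ (8) and AEAD_AUTH_TAG_SZ (16) follow the AES-GCM TLS 1.2 record layout (explicit nonce, ciphertext, tag), and all function names, the result codes and the record bytes are assumptions made for illustration.

```c
/* Added example, not wolfSSL code: simplified sniffer-style AEAD
 * record-length arithmetic in its underflowing and bounds-checked forms.
 * Sizes follow the AES-GCM TLS 1.2 record layout (explicit nonce +
 * ciphertext + tag); names and constants are assumptions for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TLS_RECORD_HDR_SZ 5     /* type(1) + version(2) + length(2) */
#define AEAD_EXP_IV_SZ    8     /* explicit nonce at the start of the record body */
#define AEAD_AUTH_TAG_SZ  16    /* GCM authentication tag at the end of the body */

enum { RECORD_OK = 0, RECORD_REJECTED = 1, RECORD_WOULD_OVERFLOW = 2, RECORD_TRUNCATED = 3 };

/* Vulnerable form: no minimum-length check. For a body shorter than
 * IV + tag the unsigned subtraction wraps to a value near 2^32. */
static uint32_t ciphertext_len_unchecked(uint32_t body_len)
{
    return body_len - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ;
}

/* Hardened form: reject the record before doing the subtraction.
 * Returns 0 and stores the length, or -1 if the body is too short. */
static int ciphertext_len_checked(uint32_t body_len, uint32_t *out_len)
{
    if (body_len < AEAD_EXP_IV_SZ + AEAD_AUTH_TAG_SZ)
        return -1;
    *out_len = body_len - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ;
    return 0;
}

/* Parse the 5-byte TLS record header and return the body length.
 * Returns -1 if the packet is too short to hold a header. */
static int tls_record_body_len(const uint8_t *pkt, size_t pkt_len, uint16_t *out)
{
    if (pkt_len < TLS_RECORD_HDR_SZ)
        return -1;
    *out = (uint16_t)(((uint16_t)pkt[3] << 8) | pkt[4]);
    return 0;
}

/* Drive one record through either the unchecked or the checked length
 * computation. Instead of calling a real AEAD decrypt (which, fed the
 * wrapped length, would overrun the heap buffer), report whether the
 * decrypt would read past the record body. ct_len may be NULL. */
static int inspect_record(const uint8_t *pkt, size_t pkt_len, int hardened, uint32_t *ct_len)
{
    uint16_t body_len;
    uint32_t len;

    if (tls_record_body_len(pkt, pkt_len, &body_len) != 0 ||
        (size_t)body_len + TLS_RECORD_HDR_SZ > pkt_len)
        return RECORD_TRUNCATED;

    if (hardened) {
        if (ciphertext_len_checked(body_len, &len) != 0)
            return RECORD_REJECTED;
    } else {
        len = ciphertext_len_unchecked(body_len);
    }
    if (ct_len)
        *ct_len = len;

    /* The decrypt routine would read len bytes starting after the IV;
     * compare in 64 bits so the comparison itself cannot wrap. */
    if ((uint64_t)AEAD_EXP_IV_SZ + len > body_len)
        return RECORD_WOULD_OVERFLOW;
    return RECORD_OK;
}

/* Constructed records (not real captures): Application Data (0x17),
 * TLS 1.2 (0x0303). GOOD_RECORD carries 8 nonce + 5 ciphertext + 16 tag
 * bytes; SHORT_RECORD carries a 4-byte body, shorter than nonce + tag. */
static const uint8_t GOOD_RECORD[] = {
    0x17, 0x03, 0x03, 0x00, 0x1d,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,  /* explicit nonce */
    0xaa, 0xbb, 0xcc, 0xdd, 0xee,                    /* 5 ciphertext bytes */
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,  /* 16-byte tag */
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
static const uint8_t SHORT_RECORD[] = {
    0x17, 0x03, 0x03, 0x00, 0x04,
    0xde, 0xad, 0xbe, 0xef
};

int main(void)
{
    static const char *names[] = { "ok", "rejected", "would overflow", "truncated" };
    uint32_t n = 0;
    int r;

    r = inspect_record(GOOD_RECORD, sizeof GOOD_RECORD, 0, &n);
    printf("good record,  unchecked: %s (ciphertext len %u)\n", names[r], (unsigned)n);
    r = inspect_record(SHORT_RECORD, sizeof SHORT_RECORD, 0, &n);
    printf("short record, unchecked: %s (ciphertext len 0x%08x)\n", names[r], (unsigned)n);
    r = inspect_record(SHORT_RECORD, sizeof SHORT_RECORD, 1, NULL);
    printf("short record, checked:   %s\n", names[r]);
    return 0;
}
```

The 4-byte body yields 4 - 8 - 16, which wraps to 0xFFFFFFEC in the unchecked form; the checked form rejects the record before that subtraction happens, which is the shape of check a reviewer should look for in any parser that subtracts fixed framing overhead from an attacker-controlled length.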

Fix

Weakness Enumeration: Integer Underflow

Related Identifiers: CVE-2026-1005

Affected Products: wolfSSL