PT-2026-26338 · Nginx+8

Oleh Konko · Published 2026-03-19 · Updated 2026-03-23 · CVE-2026-3547

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: wolfSSL versions 5.8.4 and earlier
Description: An out-of-bounds read issue exists in the ALPN (Application-Layer Protocol Negotiation) parsing functionality when ALPN is enabled. This occurs due to incomplete validation of the ALPN protocol list. A specially crafted ALPN protocol list can trigger this issue, potentially leading to a denial of service through a process crash. ALPN is disabled by default but is enabled when using certain compatibility features, including those for Apache httpd, Bind, cURL, HAProxy, Hitch, Lighty, JNI, Nginx, and QUIC.
Recommendations: wolfSSL versions prior to 5.8.4 should be updated.
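
The description attributes the issue to incomplete validation of the ALPN protocol list. The following is an added example, not wolfSSL's code and not the actual fix: a stand-alone check that every length field in an ALPN list (wire layout as in RFC 7301) stays inside the received buffer. The function name alpn_list_validate and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Validate an ALPN extension body laid out as in RFC 7301:
 *   uint16 list_len, then repeated { uint8 name_len; name[name_len] }.
 * Returns the number of protocol names, or -1 if any length field
 * disagrees with the number of bytes actually received. */
int alpn_list_validate(const uint8_t *ext, size_t ext_len)
{
    size_t list_len, off = 2;
    int count = 0;

    if (ext == NULL || ext_len < 2)
        return -1;                 /* no room for the 2-byte list length */
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len < 2 || list_len != ext_len - 2)
        return -1;                 /* declared list length must match buffer */

    while (off < ext_len) {
        size_t name_len = ext[off++];
        if (name_len == 0 || name_len > ext_len - off)
            return -1;             /* empty name, or name runs past the end */
        off += name_len;
        count++;
    }
    return count;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t ALPN_OK[] = { 0x00, 0x0C, 0x02, 'h', '2',
    0x08, 'h', 't', 't', 'p', '/', '1', '.', '1' };
static const uint8_t ALPN_NAME_OVERRUN[] = { 0x00, 0x03, 0x05, 'h', '2' };
static const uint8_t ALPN_LIST_OVERRUN[] = { 0x00, 0x20, 0x02, 'h', '2' };

int main(void)
{
    printf("ok=%d name_overrun=%d list_overrun=%d\n",
           alpn_list_validate(ALPN_OK, sizeof ALPN_OK),
           alpn_list_validate(ALPN_NAME_OVERRUN, sizeof ALPN_NAME_OVERRUN),
           alpn_list_validate(ALPN_LIST_OVERRUN, sizeof ALPN_LIST_OVERRUN));
    return 0;
}
```

Rejecting the list as a whole on the first inconsistent length keeps later code from ever indexing with an unchecked, peer-supplied value.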

Fix

Out-of-bounds Read


Weakness Enumeration

Related Identifiers

CVE-2026-3547

Affected Products

Apache httpd
Bind
HAProxy
Hitch
JNI
Lighty
Nginx
cURL
wolfSSL