PT-2026-26368 · Wolfssl · Wolfssl Wolfcrypt
Haruto Kimura · Published 2026-03-19 · Updated 2026-03-22
CVE-2026-4395
CVSS v4.0: 1.3 (Low)
| AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Amber |
Name of the Vulnerable Software and Affected Versions
wolfSSL wolfcrypt (affected versions not specified)
Description
A heap-based buffer overflow exists in the KCAPI ECC code path within the wc_ecc_import_x963_ex() function. It allows a remote attacker to write data beyond the allocated buffer of the pubkey_raw variable via a crafted, oversized EC public key point. The issue occurs because the WOLFSSL_KCAPI_ECC code path uses XMEMCPY without validating the input length, unlike the ATECC code path. It can be triggered during a TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
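The defect described above is a copy into a fixed buffer with no length check before it. The following is an added illustration, not wolfSSL code, of the bound an X9.63 point import should enforce before copying: the buffer size, field name and error codes are hypothetical stand-ins for the pubkey_raw buffer the advisory names, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed-size buffer, modelled on the pubkey_raw variable the
 * advisory names; the real field and its size are not given on the page. */
#define MAX_ECC_POINT_BYTES 133  /* 1 + 2*66 covers up to a P-521 point */
enum { IMPORT_OK = 0, IMPORT_BAD_LEN = -1, IMPORT_BAD_FORMAT = -2,
       IMPORT_CURVE_MISMATCH = -3 };
typedef struct {
    uint8_t raw[MAX_ECC_POINT_BYTES];
    size_t  raw_len;
} ecc_point_buf;

/* Validate an X9.63-encoded uncompressed point before copying it into a
 * fixed buffer. 'curve_bytes' is the field size of the expected curve
 * (32 for P-256, 66 for P-521). Both the destination size and the curve's
 * expected encoding length are checked before memcpy runs; this is the
 * validation the advisory says the KCAPI path omits. */
int import_x963_checked(const uint8_t *in, size_t in_len, size_t curve_bytes,
                        ecc_point_buf *out)
{
    if (in == NULL || out == NULL || in_len == 0)
        return IMPORT_BAD_LEN;
    /* Only the uncompressed form (0x04 || X || Y) is accepted here. */
    if (in[0] != 0x04)
        return IMPORT_BAD_FORMAT;
    /* Destination bound: must hold before any copy, whatever the curve. */
    if (in_len > sizeof(out->raw))
        return IMPORT_BAD_LEN;
    /* Curve bound: an uncompressed point is exactly 1 + 2 * field size. */
    if (in_len != 1 + 2 * curve_bytes)
        return IMPORT_CURVE_MISMATCH;
    memcpy(out->raw, in, in_len);
    out->raw_len = in_len;
    return IMPORT_OK;
}

/* Constructed inputs for a self-check; not real key material. */
int self_check(void)
{
    ecc_point_buf buf;
    uint8_t p256[65]; uint8_t big[200];
    memset(p256, 0x11, sizeof(p256)); p256[0] = 0x04;
    memset(big, 0x22, sizeof(big)); big[0] = 0x04;
    if (import_x963_checked(p256, sizeof(p256), 32, &buf) != IMPORT_OK) return 0;
    if (import_x963_checked(big, sizeof(big), 32, &buf) != IMPORT_BAD_LEN) return 0;
    if (import_x963_checked(p256, sizeof(p256), 66, &buf) != IMPORT_CURVE_MISMATCH) return 0;
    return 1;
}
```

The oversized point is rejected by the destination-size check before any byte is copied, which is the property a reviewer would look for in the KCAPI import path.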
Weakness Enumeration
Heap Based Buffer Overflow
Affected Products
Wolfssl Wolfcrypt