PT-2026-31822 · Wolfssl · Wolfssl

Seunghyun Yoon +2 · Published 2026-04-09 · Updated 2026-04-14 · CVE-2026-5295

CVSS v3.1: 8.0 (High)
Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: wolfSSL (affected versions not specified)
Description: A stack buffer overflow exists in wolfSSL's PKCS7 implementation, in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. The issue occurs when processing a CMS EnvelopedData message with an OtherRecipientInfo (ORI) recipient. The function uses XMEMCPY to copy an ASN.1-parsed OID into a fixed 32-byte stack buffer (oriOID[MAX_OID_SZ]) without validating the length of the OID. A crafted CMS EnvelopedData message containing an OID longer than 32 bytes triggers the overflow. Exploitation requires the library to be built with --enable-pkcs7 and an ORI decrypt callback registered via wc_PKCS7_SetOriDecryptCb().
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
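The defect described above is an unchecked copy of a parsed OID into a fixed 32-byte stack buffer. The following C program is an added illustration, not wolfSSL source: it parses a DER OBJECT IDENTIFIER, compares its length against the destination before copying, and rejects an oversized OID with an error code instead of overrunning the stack. Only MAX_OID_SZ (32) is taken from the advisory; the function names (ori_get_oid, build_test_oid, check_oid_of_len), the error codes and the constructed DER inputs are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed illustration, not wolfSSL source. MAX_OID_SZ (32) comes from
 * the advisory; the function names, error codes and test data are assumed. */
#define MAX_OID_SZ 32

enum {
    ORI_ASN_ERR  = -1,   /* malformed or truncated DER */
    ORI_BUFFER_E = -2    /* OID longer than the destination buffer */
};

/* Parse one DER OBJECT IDENTIFIER (tag 0x06, short-form length) from in[]
 * and copy its content octets into out[] (capacity outSz).
 * Returns the number of bytes copied, or a negative error code.
 *
 * The unchecked pattern the advisory describes would be a plain
 *     XMEMCPY(oriOID, oidStart, oidSz);
 * with no comparison against MAX_OID_SZ. Here the length is compared against
 * the destination before any byte is written, so an oversized OID is
 * rejected instead of overrunning the stack. */
int ori_get_oid(const unsigned char *in, size_t inSz,
                unsigned char *out, size_t outSz)
{
    size_t len;

    if (in == NULL || out == NULL || inSz < 2)
        return ORI_ASN_ERR;
    if (in[0] != 0x06)                 /* not an OBJECT IDENTIFIER */
        return ORI_ASN_ERR;
    if (in[1] & 0x80)                  /* long-form length: out of scope here */
        return ORI_ASN_ERR;
    len = in[1];
    if (len == 0 || len > inSz - 2)    /* length must lie inside the input */
        return ORI_ASN_ERR;
    if (len > outSz)                   /* the bound check the advisory says is missing */
        return ORI_BUFFER_E;

    memcpy(out, in + 2, len);
    return (int)len;
}

/* Build a constructed DER OID whose content is contentLen bytes long
 * (first arc octet 0x2a = 1.2, padded with 0x01 sub-identifiers).
 * Returns the total encoded length, or 0 if the request cannot be encoded. */
size_t build_test_oid(unsigned char *buf, size_t bufSz, size_t contentLen)
{
    size_t i;

    if (contentLen == 0 || contentLen > 127 || bufSz < contentLen + 2)
        return 0;
    buf[0] = 0x06;
    buf[1] = (unsigned char)contentLen;
    buf[2] = 0x2a;
    for (i = 3; i < contentLen + 2; i++)
        buf[i] = 0x01;
    return contentLen + 2;
}

/* Mirror of the advisory's scenario: the recipient OID from an ORI structure
 * lands in a fixed MAX_OID_SZ-byte stack buffer. Returns the copied length,
 * or a negative error code, for a constructed OID of the given content size. */
int check_oid_of_len(size_t contentLen)
{
    unsigned char der[130];
    unsigned char oriOID[MAX_OID_SZ];   /* the fixed stack buffer */
    size_t n = build_test_oid(der, sizeof(der), contentLen);

    if (n == 0)
        return ORI_ASN_ERR;
    return ori_get_oid(der, n, oriOID, sizeof(oriOID));
}

int main(void)
{
    printf("9-byte OID:  %d\n", check_oid_of_len(9));    /* 9  */
    printf("32-byte OID: %d\n", check_oid_of_len(32));   /* 32 */
    printf("40-byte OID: %d\n", check_oid_of_len(40));   /* -2 (rejected) */
    return 0;
}
```

The check that matters is the comparison of the parsed length against the destination capacity before the memcpy; a 32-byte OID is the largest that fits, and a 33-byte or longer OID is refused without touching the buffer. Truncated encodings (declared length longer than the remaining input) are refused separately, since an unchecked parser could otherwise read past the end of the message as well.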

Weakness Enumeration: Stack Overflow

Related Identifiers: CVE-2026-5295

Affected Products: wolfSSL