216.73.216.133

CVE-2026-3229

· Published 19/03/2026 21:17 · Modified 20/03/2026 13:39

Labels: CVE-2026-3229 2026-03-19CVE-2026-3229CWE-122[email protected]

Essential information

Published
19/03/2026 21:17
Modified
20/03/2026 13:39
Author
Creator
CVSS
1.2 LOW (v3) 1.2 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these API: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. These API are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-haproxy. This issue is not remotely exploitable, and would require that the application context loading certificates is compromised.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wolfssl / wolfssl cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

References