CVE-2026-1005

· Published 19/03/2026 17:16 · Modified 20/03/2026 13:39

Labels: CVE-2026-1005, 2026-03-19, CWE-191

Essential information

Published: 19/03/2026 17:16
Modified: 20/03/2026 13:39
Author:
Creator:
CVSS: 2.1 LOW (v3), 2.1 LOW (v4.0)
CISA KEV: No
CWE: CWE-191
CVSS vector:

Description

Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.

NVD status

Status: Awaiting Analysis. CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: wolfssl / wolfssl
CPE: cpe:2.3:a:wolfssl:wolfssl:<5.8.4:*:*:*:*:*:*:*
