216.73.217.22

CVE-2026-5477

· Published 10/04/2026 06:16 · Modified 10/04/2026 06:16

Labels: CVE-2026-5477 2026-04-10CVE-2026-5477CWE-190[email protected]

Essential information

Published
10/04/2026 06:16
Modified
10/04/2026 06:16
Author
Creator
CVSS
8.2 HIGH (v3) 8.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-zeros and the XOR is a no-op). However, totalSz is word32 and wraps to zero after 2^28 block flushes (4 GiB), causing the guard to erroneously discard the live CBC-MAC chain state. Any two messages sharing a common suffix beyond the 4 GiB mark then produce identical CMAC tags, enabling a zero-work prefix-substitution forgery. The fix removes the guard, making the XOR unconditional; the no-op property on the first block is preserved because digest is zero-initialized by wc_InitCmac_ex.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wolfssl / wolfcrypt cpe:2.3:a:wolfssl:wolfcrypt:*:*:*:*:*:*:*:*

References