wolfSSL Heap-Based Buffer Overflow Vulnerability in SSL Session Deserialization

Vulnerability

A heap-based buffer overflow has been identified in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. The issue arises when session data is deserialized with SESSION_CERTS enabled: the lengths of the certificates and the session ID are read from untrusted input and used without bounds validation against the fixed-size destination buffers, so an oversized length lets an attacker write past those buffers and corrupt heap memory. The vulnerability is triggered only when a maliciously crafted session is loaded from an external source; sessions created internally by the library are unaffected.
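As an added illustration (not wolfSSL's own code), the following toy session deserializer performs the two checks the advisory says were missing: every untrusted length is validated against both the remaining input and the fixed-size destination buffer before any copy. The blob layout, buffer sizes and sample blobs are constructed assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy layout (not wolfSSL's real session encoding):
 *   [1 byte id_len][id bytes][2 byte cert_len, big-endian][cert bytes] */
#define MAX_ID_LEN   32
#define MAX_CERT_LEN 256

typedef struct {
    uint8_t id[MAX_ID_LEN];     size_t id_len;
    uint8_t cert[MAX_CERT_LEN]; size_t cert_len;
} toy_session_t;
/* Returns 0 on success, -1 if the blob is truncated or an untrusted length
 * would overrun its fixed destination buffer. Each length is checked against
 * the remaining input AND the buffer size before any memcpy. */
int parse_session_checked(const uint8_t *buf, size_t len, toy_session_t *out)
{
    size_t pos = 0;
    if (buf == NULL || out == NULL || len < 1)
        return -1;
    memset(out, 0, sizeof(*out));
    out->id_len = buf[pos++];                      /* untrusted */
    if (out->id_len > MAX_ID_LEN || out->id_len > len - pos)
        return -1;
    memcpy(out->id, buf + pos, out->id_len);
    pos += out->id_len;
    if (len - pos < 2)
        return -1;
    out->cert_len = ((size_t)buf[pos] << 8) | buf[pos + 1]; /* untrusted */
    pos += 2;
    if (out->cert_len > MAX_CERT_LEN || out->cert_len > len - pos)
        return -1;
    memcpy(out->cert, buf + pos, out->cert_len);
    pos += out->cert_len;
    return (pos == len) ? 0 : -1;                  /* trailing bytes: malformed */
}
/* Convenience wrapper: 1 if the blob parses cleanly, 0 if it is rejected. */
int blob_is_acceptable(const uint8_t *buf, size_t len)
{
    toy_session_t s;
    return parse_session_checked(buf, len, &s) == 0;
}

/* Constructed sample blobs: one well-formed, the rest malformed. */
const uint8_t GOOD_BLOB[]      = { 3, 'a', 'b', 'c', 0x00, 0x02, 0xAA, 0xBB };
const uint8_t BAD_ID_BLOB[]    = { 200, 'a' };                 /* id_len 200 > 32 */
const uint8_t BAD_CERT_BLOB[]  = { 1, 'x', 0x01, 0x01, 0x00 }; /* cert_len 257 > 256 */
const uint8_t TRUNCATED_BLOB[] = { 3, 'a', 'b' };              /* claims 3, has 2 */
```

Dropping either comparison reproduces the class of bug described above: without the buffer-size check an oversized length overruns the fixed array, and without the remaining-input check the copy reads past the end of the blob.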

Impact

Exploitation of this vulnerability results in a heap-based buffer overflow, a memory corruption that could be leveraged to execute arbitrary code in the context of the process that loads the crafted session.

Remediation

Users are advised to update to the latest version of wolfSSL, where this vulnerability has been addressed. Instructions for updating can be found in the wolfSSL documentation.

Added: Mar 19, 2026, 6:19 PM
Updated: Mar 19, 2026, 6:19 PM

Vulnerability Rating (Custom Algorithm)

  spread          6.6
  impact          1.9
  exploitability  5.6
  remediation     7.7
  relevance       4.1
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.