wolfSSL
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*
- <= 5.8.4
A vulnerability exists in wolfSSL versions through 5.8.4 in the ALPN (Application-Layer Protocol Negotiation) handling. When ALPN is enabled, incomplete validation can lead to an out-of-bounds read, potentially causing a process crash and resulting in a denial-of-service condition. Although ALPN is disabled by default, it is activated for certain third-party compatibility features, including Apache HTTPD, BIND, cURL, HAProxy, Hitch, Lighttpd, JNI, NGINX, and QUIC.
Exploitation of this vulnerability can cause a process crash, leading to a denial-of-service condition.