Primary

Context

wolfSSL Stack Buffer Overflow Vulnerability in ECH Support Allowing Remote Code Execution

Vulnerability

Patched

A stack buffer overflow vulnerability has been identified in wolfSSL version 5.8.4, specifically within the Encrypted Client Hello (ECH) support. This vulnerability arises when a maliciously crafted ECH configuration is processed, potentially leading to remote code execution and causing the client program to crash. The issue can be exploited by a malicious TLS server that supports ECH. It is important to note that ECH is disabled by default and only enabled with the 'enable-ech' option.

Impact

Exploitation of this vulnerability could result in a stack buffer overflow, allowing for remote code execution on the client side, and causing a crash of the client program.

Added: Mar 19, 2026, 9:21 PM

Updated: Mar 19, 2026, 9:21 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

4.5

remediation

7.7

relevance

4.1

threat

3.2

urgency

5.7

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

4.5

remediation

7.7

relevance

4.1

threat

3.2

urgency

5.7

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

wolfSSL Stack Buffer Overflow Vulnerability in ECH Support Allowing Remote Code Execution

Vulnerability

Impact

Affected Products

wolfSSL

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating