wolfSSL Out-of-Bounds Heap Read Vulnerability in PKCS7 Enveloped Data Decoding

Vulnerability

wolfSSL versions through 5.8.4 contain a 1-byte out-of-bounds heap read in the function wc_PKCS7_DecodeEnvelopedData. The issue is triggered by a crafted CMS EnvelopedData message containing zero-length encrypted content. Note that PKCS7 support is disabled by default, so only builds that enable it are affected.

Impact

Triggering this vulnerability causes a 1-byte out-of-bounds heap read, which could potentially be leveraged into a heap-based buffer overflow.

Remediation

Upgrade to wolfSSL version 5.8.5 or later, where this vulnerability has been fixed.

Added: Mar 19, 2026, 10:18 PM
Updated: Mar 19, 2026, 10:18 PM

Vulnerability Rating

Custom Algorithm (score per category):

spread: 6.6
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 4.1
threat: 6.4
urgency: 1.4
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.