wolfSSL PKCS7 Indefinite-Length Parsing Heap Out-of-Bounds Read Vulnerability

Vulnerability

A heap out-of-bounds read vulnerability has been identified in wolfSSL's PKCS7 message parsing. It is caused by a missing bounds check in the loop that verifies the end-of-content octets of indefinite-length encodings inside the PKCS7_VerifySignedData() function. A crafted PKCS7 message can trigger this flaw, causing an out-of-bounds read from the heap.
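As an added illustration of the bug class (hypothetical code written for this entry, not wolfSSL's own parser), the following shows the shape of a bounds-checked end-of-content verification for a BER indefinite-length constructed value; the length check in check_eoc() before the two-byte read is the step whose absence lets a truncated message drive reads past the end of the heap buffer.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical illustration of the bug class, NOT wolfSSL's code.
 * In BER, a constructed value may be indefinite-length: its length
 * octet is 0x80 and its content ends with two end-of-content (EOC)
 * octets 0x00 0x00. Only short-form inner lengths are handled. */

/* Returns 1 if the two bytes at *idx are an EOC pair and advances *idx,
 * 0 otherwise. The bounds check before the two reads is the step whose
 * absence lets a truncated message drive reads past the heap buffer. */
int check_eoc(const uint8_t *buf, size_t len, size_t *idx)
{
    if (*idx > len || len - *idx < 2)
        return 0;
    if (buf[*idx] != 0x00 || buf[*idx + 1] != 0x00)
        return 0;
    *idx += 2;
    return 1;
}

/* Parses one indefinite-length constructed value starting at offset 0.
 * Returns the number of inner primitive elements, or -1 if the encoding
 * is malformed or the buffer ends before the closing EOC is seen. */
int parse_indefinite(const uint8_t *buf, size_t len)
{
    size_t idx = 0;
    int count = 0;
    if (len < 2 || !(buf[0] & 0x20) || buf[1] != 0x80)
        return -1;                      /* need constructed tag + 0x80 */
    idx = 2;
    for (;;) {
        if (idx >= len)
            return -1;                  /* ran out before EOC: truncated */
        if (buf[idx] == 0x00)           /* candidate EOC: verify both bytes */
            return check_eoc(buf, len, &idx) ? count : -1;
        if (len - idx < 2)
            return -1;                  /* inner tag + length must fit */
        uint8_t inner_len = buf[idx + 1];
        if (inner_len & 0x80)
            return -1;                  /* long/indefinite inner: unsupported */
        idx += 2;
        if (len - idx < inner_len)
            return -1;                  /* inner content must fit */
        idx += inner_len;
        count++;
    }
}
```

The sample inputs in the test below are constructed BER fragments: a well-formed SET with two inner elements, and several truncated variants that a bounds-checked loop must reject instead of reading past the buffer.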

Impact

Exploitation of this vulnerability causes a heap out-of-bounds read, which may be leveraged for further attacks such as memory corruption or information disclosure.

Remediation

Users are advised to update to the latest version of wolfSSL, where this vulnerability has been addressed. Instructions for updating can be found in the wolfSSL documentation.

Added: Apr 10, 2026, 2:06 AM
Updated: Apr 10, 2026, 2:06 AM

Vulnerability Rating

Custom Algorithm

spread          6.6
impact          0.6
exploitability  5.3
remediation     7.7
relevance       5.6
threat          3.2
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to produce these 8 key vulnerability category scores, which are then combined to calculate the overall risk score.