wolfSSL X.509 Date Buffer Overflow Vulnerability

Vulnerability

A buffer overflow vulnerability has been identified in wolfSSL's X.509 date parsing functions, wolfSSL_X509_notAfter and wolfSSL_X509_notBefore. This issue arises in the compatibility layer API when handling date fields from a specially crafted X.509 certificate. The vulnerability is triggered only when these functions are called directly from an application, and does not impact TLS or certificate verification processes in wolfSSL.

Impact

A specially crafted certificate can overflow a buffer in these functions, which may allow arbitrary code execution or cause a denial-of-service condition.

Remediation

Upgrade to the latest version of wolfSSL, which adds a bounds check to the wolfSSL_X509_notBefore and wolfSSL_X509_notAfter functions.
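
Because the issue is reachable only when an application calls these functions directly, a quick exposure check is to list every reference to them in your own sources. The Python script below is an added example, not part of the original advisory or wolfSSL's code; the helper names (find_refs, scan_tree), the file suffixes and the sample source are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# The two compatibility-layer functions named in the advisory.
REF_RE = re.compile(r"\b(?:wolfSSL_X509_notBefore|wolfSSL_X509_notAfter)\b")
# C comments plus string and character literals, blanked before matching.
SKIP_RE = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"' r"|'(?:\\.|[^'\\\n])*'", re.S)


def _blank(match):
    # Replace with spaces but keep newlines so line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_refs(source):
    """Return [(line, function)] for each call or pointer use in C source text."""
    code = SKIP_RE.sub(_blank, source)
    return [(code.count("\n", 0, m.start()) + 1, m.group(0))
            for m in REF_RE.finditer(code)]


def scan_tree(root, suffixes=(".c", ".h", ".cc", ".cpp")):
    """Scan application sources under root; returns {path: [(line, function)]}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            hits = find_refs(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


# Constructed sample application source (not taken from any real project).
SAMPLE = '''#include <wolfssl/ssl.h>
/* wolfSSL_X509_notAfter(x) is only mentioned in this comment */
void show(WOLFSSL_X509 *x) {
    const unsigned char *nb = wolfSSL_X509_notBefore(x);
    puts("wolfSSL_X509_notAfter(x)");  // string literal, not a call
    const unsigned char *na =
        wolfSSL_X509_notAfter (x);
}
'''

if __name__ == "__main__":
    for line, name in find_refs(SAMPLE):
        print(f"line {line}: {name}")
```

Point scan_tree at application code rather than the wolfSSL tree itself, where the library's own declarations would also match. A hit marks code that reaches the affected functions and should be rebuilt against the fixed release.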

Added: Apr 10, 2026, 2:00 AM
Updated: Apr 10, 2026, 2:00 AM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 5.6
threat: 3.2
urgency: 1.4
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.