wolfSSL
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*
A vulnerability exists in wolfSSL's function wc_PKCS7_DecodeAuthEnvelopedData(), where the AES-GCM authentication tag length is not properly validated. The missing lower-bound check allows a man-in-the-middle attacker to truncate the MAC field from 16 bytes to 1 byte, raising the chance that a forged tag passes verification from 2⁻¹²⁸ to 2⁻⁸ per attempt.
Exploitation of this vulnerability allows for a significant reduction in the security of the AES-GCM authentication tag, making it easier to bypass integrity checks.
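The check the advisory describes as missing is a lower bound on the MAC length in the AuthEnvelopedData structure. The following is an added example, not wolfSSL code and not a reproduction of wolfSSL's fix: it models the unchecked behaviour beside a hardened decoder that requires the MAC to match the negotiated aes-ICVlen and that length to be one RFC 5084 permits (12 to 16 bytes). The DER helpers, the `mac_length_vulnerable` / `mac_length_hardened` function names and the sample tag bytes are constructed for this demonstration.

```python
# Added example (not wolfSSL code): defensive validation of the AES-GCM MAC
# (ICV) carried in a CMS AuthEnvelopedData. Models the missing lower-bound
# check; all names and sample bytes here are constructed for the demo.
import hmac
from typing import Tuple

# RFC 5084: AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16), DEFAULT 12.
ALLOWED_ICV_LENGTHS = frozenset({12, 13, 14, 15, 16})
DEFAULT_ICV_LENGTH = 12


def der_octet_string(payload: bytes) -> bytes:
    """Encode payload as a DER OCTET STRING (short-form length only)."""
    if len(payload) >= 128:
        raise ValueError("demo supports short-form lengths only")
    return b"\x04" + bytes([len(payload)]) + payload


def parse_octet_string(buf: bytes) -> Tuple[bytes, bytes]:
    """Decode one short-form DER OCTET STRING; return (payload, remaining)."""
    if len(buf) < 2 or buf[0] != 0x04:
        raise ValueError("expected OCTET STRING")
    length = buf[1]
    if length >= 0x80:
        raise ValueError("long-form length not supported in this demo")
    if len(buf) < 2 + length:
        raise ValueError("truncated OCTET STRING")
    return buf[2:2 + length], buf[2 + length:]


def mac_length_vulnerable(mac_field: bytes) -> int:
    """Models the unchecked behaviour: any non-empty MAC length is accepted,
    so a 1-byte MAC is treated as a valid tag."""
    mac, _ = parse_octet_string(mac_field)
    if len(mac) == 0:
        raise ValueError("empty MAC")
    return len(mac)


def mac_length_hardened(mac_field: bytes, icv_len: int = DEFAULT_ICV_LENGTH) -> int:
    """Hardened decoder: the negotiated aes-ICVlen must lie in the RFC 5084
    range and the received MAC must be exactly that long."""
    if icv_len not in ALLOWED_ICV_LENGTHS:
        raise ValueError(f"aes-ICVlen {icv_len} outside RFC 5084 range 12..16")
    mac, _ = parse_octet_string(mac_field)
    if len(mac) != icv_len:
        raise ValueError(f"MAC length {len(mac)} != aes-ICVlen {icv_len}")
    return len(mac)


def forgery_probability_log2(tag_len_bytes: int) -> int:
    """log2 of the per-attempt probability that a random tag of this length
    is accepted: -128 for 16 bytes, -8 for a truncated 1-byte tag."""
    return -8 * tag_len_bytes


def verify_tag(expected: bytes, received: bytes, icv_len: int) -> bool:
    """Constant-time comparison over the full negotiated tag length; a
    received tag of the wrong length is rejected before any comparison, so
    truncating the tag cannot shorten the comparison."""
    if len(received) != icv_len or len(expected) < icv_len:
        return False
    return hmac.compare_digest(expected[:icv_len], received)


def demo() -> dict:
    """Run the intact and truncated cases through both decoders."""
    full_tag = bytes(range(0xA0, 0xB0))           # constructed 16-byte tag
    intact = der_octet_string(full_tag)
    truncated = der_octet_string(full_tag[:1])    # MAC field cut to 1 byte
    results = {
        "vuln_accepts_1_byte": mac_length_vulnerable(truncated) == 1,
        "hardened_accepts_16": mac_length_hardened(intact, icv_len=16) == 16,
        "log2_full": forgery_probability_log2(16),
        "log2_truncated": forgery_probability_log2(1),
        "verify_full": verify_tag(full_tag, full_tag, 16),
        "verify_truncated": verify_tag(full_tag, full_tag[:1], 16),
    }
    try:
        mac_length_hardened(truncated, icv_len=16)
        results["hardened_rejects_1_byte"] = False
    except ValueError:
        results["hardened_rejects_1_byte"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The design point is that the length policy is enforced before the tag bytes are compared at all: `verify_tag` refuses any tag whose length differs from the negotiated ICV length, so the comparison always covers the full 12 to 16 bytes rather than however many bytes arrived on the wire.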