wolfSSL Stack Buffer Over-Read Vulnerability in MatchDomainName Function During Wildcard Hostname Validation

Vulnerability

A stack buffer over-read has been identified in the wolfSSL library, in the MatchDomainName function within src/internal.c. The issue arises during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active: if a wildcard character exhausts the entire hostname string, the function reads one byte beyond the end of the buffer without a bounds check, potentially leading to a crash.

Impact

Exploitation of this vulnerability can cause a crash, likely because the buffer over-read disrupts normal program execution.
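
The missing check described above, shown in a simplified left-most-wildcard matcher. This is an added example, not wolfSSL's MatchDomainName or its fix; the function name `match_leftmost_wildcard`, its length-delimited signature, and the policy that `*` must be the whole left-most label are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not wolfSSL's MatchDomainName. Inputs are
 * length-delimited and need not be NUL-terminated, so every read of
 * host[] or pat[] must be preceded by a length check. Returns 1 on match. */
int match_leftmost_wildcard(const char *pat, size_t pat_len,
                            const char *host, size_t host_len)
{
    size_t p = 0, h = 0;
    if (pat == NULL || host == NULL || pat_len == 0 || host_len == 0)
        return 0;

    if (pat[0] == '*') {
        /* Assumed policy: the wildcard must be the whole left-most label. */
        if (pat_len < 2 || pat[1] != '.')
            return 0;
        p = 1;
        /* The wildcard consumes one non-empty label of the hostname. */
        while (h < host_len && host[h] != '.')
            h++;
        if (h == 0)
            return 0;
        /* The wildcard consumed the entire hostname: host[h] is now one
         * byte past the buffer, so stop before comparing anything. */
        if (h == host_len)
            return 0;
    }

    /* The remainders must be equal in length and match ignoring ASCII case. */
    if (pat_len - p != host_len - h)
        return 0;
    for (; p < pat_len; p++, h++) {
        if (pat[p] == '*')
            return 0; /* no wildcard outside the left-most position */
        if (tolower((unsigned char)pat[p]) != tolower((unsigned char)host[h]))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed input: exactly 9 bytes, no dot and no NUL terminator. */
    const char host[9] = {'l','o','c','a','l','h','o','s','t'};
    printf("%d\n", match_leftmost_wildcard("*.example.com", 13, host, sizeof host));
    return 0;
}
```

Building the example with AddressSanitizer (`-fsanitize=address`) confirms that the exact-size `host` array is never read past its ninth byte.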

Added: Apr 9, 2026, 10:49 PM
Updated: Apr 9, 2026, 10:49 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 1.3
exploitability: 5.1
remediation: 7.7
relevance: 5.5
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.