1575 matches found
JLSEC-2026-758 iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name...
iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...
JLSEC-2026-731 In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when...
In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...
JLSEC-2026-702 A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When...
A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...
JLSEC-2026-699 X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate...
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
JLSEC-2026-741 Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash...
Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...
JLSEC-2026-688 Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into...
Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks...
JLSEC-2026-678 In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag),...
In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes WOLFSSLCALLBACKS is only intended for debugging...
JLSEC-2026-681 The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against...
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the...
JLSEC-2026-711 Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed...
Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...
JLSEC-2026-689 In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as...
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
JLSEC-2026-703
An integer overflow vulnerability existed in the static function wolfssladdtochain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssladdtochain is called by these API: wolfSSLCTXaddextrachaincert,...
JLSEC-2026-685 In function MatchDomainName(), input param str is treated as a NULL terminated string despite...
In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...
JLSEC-2026-676 If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension)...
If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...
JLSEC-2026-713
Heap-based buffer overflow in the KCAPI ECC code path of wceccimportx963ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkeyraw buffer via a crafted oversized EC public key point. The WOLFSSLKCAPIECC code path copies the input to...
JLSEC-2026-721 Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm...
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...
JLSEC-2026-724 X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow...
X.509 date buffer overflow in wolfSSLX509notAfter / wolfSSLX509notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS...
JLSEC-2026-709
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...
JLSEC-2026-728 In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal ...
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...
JLSEC-2026-683 An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT...
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSLCHECKSIGFAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault...
JLSEC-2026-712
1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...