Lucene search

6 matches found

Snyk
added 2026/04/10 12:11 a.m. · 1 view

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write through improper handling of the publicName parameter in the TLSX_EchChangeSNI process. An attacker can cause memory corruption or potentially execute arbitrary code by supplying a specially crafted value that leads t...

9.1 CVSS · 6.1 AI score · 0.00355 EPSS
Exploits 0 · References 2
OSV
added 2026/04/09 11:17 p.m. · 2 views

UBUNTU-CVE-2026-5503

In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its...

9.1 CVSS · 5.8 AI score · 0.00355 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2026/04/09 10:35 p.m. · 1 view

CVE-2026-5503

In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its...

6.9 CVSS · 5.9 AI score · 0.00355 EPSS
Exploits 0 · References 2
CVE
added 2026/04/09 10:35 p.m. · 31 views

CVE-2026-5503

CVE-2026-5503 affects wolfSSL’s TLSX_EchChangeSNI: the code path sets ctx->extensions unconditionally even when TLSX_Find returns NULL, causing an attacker-controlled publicName to be bound to the shared WOLFSSL_CTX when no inner SNI is configured. TLSX_EchRestoreSNI cannot clean it up because...

9.1 CVSS · 5.9 AI score · 0.00355 EPSS
Exploits 0 · References 1 · Affected Software 1
Anthropic
added 2026/03/29 8:42 p.m. · 14 views

ANT-2026-0JRYQPCF · wolfSSL · heap-buffer-overflow

heap-buffer-overflow · high · CVE-2026-5503
Severity: Claude high · Security research firm high · Maintainer -
Discovered by Claude Mythos Preview
SECURITY RESEARCH FIRM ANALYSIS: Triage and disclosure were performed by Calif. Verdict: true positive. Severity: high
TIMELINE: Dates from discovery through...

9.1 CVSS · 5.8 AI score · 0.00355 EPSS
Exploits 0
CNNVD
added 2022/08/25 12:0 a.m. · 1 view

Tyler Odyssey Trust Management Issue Vulnerability

Tyler Technologies Tyler Odyssey is a court and judicial software system from Tyler Technologies, USA. A security vulnerability exists in Tyler Odyssey that originates when Odyssey is configured to use a certificate public name for client authentication, which allows a man-in-the-middle attacker ...

8.1 CVSS · 8.1 AI score · 0.01901 EPSS
Exploits 0 · References 3