Stack Buffer Overflow in wolfSSL's PKCS7 Implementation
CVE-2026-5295

5.9MEDIUM

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 9 April 2026

What is CVE-2026-5295?

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 implementation, specifically within the wc_PKCS7_DecryptOri() function. This occurs due to a lack of proper validation for the length of an ASN.1 parsed OID when copying it into a fixed-size buffer. An attacker can exploit this vulnerability by crafting a CMS EnvelopedData message with an OtherRecipientInfo that includes an OID exceeding 32 bytes in length. This situation can lead to a stack buffer overflow, potentially compromising the integrity of the application. Notably, successful exploitation necessitates that the library be compiled with the --enable-pkcs7 option enabled and that an ORI decrypt callback is registered using wc_PKCS7_SetOriDecryptCb().

Affected Version(s)

wolfSSL 0 < 5.9.1

References

https://github.com/wolfSSL/wolfssl/pull/10116

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Mar 31, 2026

Credit

Sunwoo Lee, (Korea Institute of Energy Technology, KENTECH)

Woohyun Choi, (Korea Institute of Energy Technology, KENTECH)

Seunghyun Yoon, (Korea Institute of Energy Technology, KENTECH)

CVE-2026-5295 Data

JSON