Heap Out-of-Bounds Read in PKCS7 Parsing for WolfSSL
CVE-2026-5392

2.3LOW

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 9 April 2026

What is CVE-2026-5392?

A vulnerability exists in the PKCS7 parsing within WolfSSL where an improperly crafted PKCS7 message can lead to an out-of-bounds (OOB) read on the heap. This flaw stems from a missing bounds check during the indefinite-length end-of-content verification loop in the PKCS7_VerifySignedData() function. It highlights a critical need for meticulous handling of input data to ensure memory safety and integrity.

Affected Version(s)

wolfSSL 0 < 5.9.1

References

https://github.com/wolfssl/wolfssl/pull/10039

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Apr 1, 2026

Credit

J Laratro (d0sf3t)

CVE-2026-5392 Data

JSON