CVE-2026-1005

EUVD-2026-13133

19.03.2026, 17:16

Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.

Wrap or Wraparound

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.1 LOW	NETWORK	LOW	LOW	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
wolfssl	wolfssl	𝑥 ≤ 5.8.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

wolfssl

bookworm	vulnerable
bullseye	vulnerable
forky	5.9.0-0.1 fixed
sid	5.9.0-0.1 fixed
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

wolfssl

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
questing	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

https://github.com/wolfSSL/wolfssl/pull/9571