CVE-2026-2646

EUVD-2026-13137

19.03.2026, 18:16

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 MEDIUM	LOCAL	HIGH	LOW	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
wolfssl	wolfssl	𝑥 ≤ 5.8.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

wolfssl

bookworm	vulnerable
bullseye	vulnerable
forky	5.9.0-0.1 fixed
sid	5.9.0-0.1 fixed
trixie	vulnerable

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References

https://github.com/wolfSSL/wolfssl/pull/9748

https://github.com/wolfSSL/wolfssl/pull/9949