HIGH🇬🇧 English

CVE-2026-6679

CVSS 8.8v4.0pub. 2026-06-25upd. 2026-06-27

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Wolfssl

    APP
    Wolfssl
    5.4.0 – 5.9.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2026-5194CRITICAL9.3PL ✓ten sam produkt

WolfSSL: nieprawidłowa weryfikacja rozmiaru skrótu w certyfikatach ECDSA

CVE-2024-5991CRITICAL10.0PL ✓ten sam produkt

WolfSSL: odczyt poza granicami bufora w funkcji MatchDomainName()

CVE-2023-3724CRITICAL9.1ten sam produkt

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connect...

CVE-2022-42905CRITICAL9.1ten sam produkt

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious ...

CVE-2022-23408CRITICAL9.1ten sam produkt

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AE...