CVE-2026-1005 — Integer Underflow (Wrap or Wraparound) in Wolfssl

CWE-191 — Integer Underflow (Wrap or Wraparound)6 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 80.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl Msrc Azl3 Mariadb 10.11.16-1 ON Azure Linux 3.0 +1 more

Timeline

PublishedMar 19

Description

Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages5 packages

▶debiandebian/wolfssl< wolfssl 5.9.0-0.1 (forky)

▶Debianwolfssl/wolfssl< 5.9.0-0.1

▶CVEListV5wolfssl/wolfssl5.8.4

▶msrcmsrc/cbl2_mariadb_10.6.24-1_on_cbl_mariner_2.0

▶msrcmsrc/azl3_mariadb_10.11.16-1_on_azure_linux_3.0

🔴Vulnerability Details

OSV

CVE-2026-1005: Integer underflow in wolfSSL packet sniffer <= 5↗2026-03-19

▶

GHSA

GHSA-2q9g-q8jj-fr53: Integer underflow in wolfSSL packet sniffer <= 5↗2026-03-19

▶

📋Vendor Advisories

Microsoft

Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path↗2026-03-10

▶

Debian

CVE-2026-1005: wolfssl - Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-1005 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶