CVE-2026-3229 — Heap-based Buffer Overflow in Wolfssl

CWE-122 — Heap-based Buffer Overflow6 documents6 sources

Severity

1.2LOWNVD

EPSS

0.0%

top 97.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wofssl Wolfssl Wolfssl Debian Wolfssl +2 more

Timeline

PublishedMar 19

Description

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these API: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. These API are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-hapro…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages6 packages

▶CVEListV5wofssl/wolfssl< 5.9.0

▶debiandebian/wolfssl< wolfssl 5.9.0-0.1 (forky)

▶NVDwolfssl/wolfssl< 5.9.0

▶Debianwolfssl/wolfssl< 5.9.0-0.1

▶msrcmsrc/cbl2_mariadb_10.6.24-1_on_cbl_mariner_2.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2026-3229: An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written o↗2026-03-19

▶

GHSA

GHSA-6p64-86qj-33gc: An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written o↗2026-03-19

▶

📋Vendor Advisories

Microsoft

Integer Overflow in Certificate Chain Allocation↗2026-03-10

▶

Debian

CVE-2026-3229: wolfssl - An integer overflow vulnerability existed in the static function wolfssl_add_to_...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-3229 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶