CVE-2026-3547Out-of-bounds Read in Wolfssl

CWE-125Out-of-bounds Read21 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 85.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WolfsslDebian WolfsslMsrc Azl3 Mariadb 10.11.16-1 ON Azure Linux 3.0+1 more
Timeline
PublishedMar 19

Description

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enab

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

debiandebian/wolfssl< wolfssl 5.9.0-0.1 (forky)
NVDwolfssl/wolfssl< 5.9.0
Debianwolfssl/wolfssl< 5.9.0-0.1

Patches

Patch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-f377-557w-vjgv: Out-of-bounds read in ALPN parsing due to incomplete validation2026-03-19
OSV
CVE-2026-3547: Out-of-bounds read in ALPN parsing due to incomplete validation2026-03-19

📋Vendor Advisories

2
Microsoft
wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation2026-03-10
Debian
CVE-2026-3547: wolfssl - Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 a...2026

🕵️Threat Intelligence

16
Wiz
CVE-2026-4395 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-3580 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-3549 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-0819 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-3229 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-3547 — Out-of-bounds Read in Wolfssl | cvebase