CVE-2026-3548 — Heap-based Buffer Overflow in Wolfssl

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 94.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl Msrc Azl3 Mariadb 10.11.16-1 ON Azure Linux 3.0 +1 more

Timeline

PublishedMar 19

Description

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages5 packages

▶debiandebian/wolfssl< wolfssl 5.9.0-0.1 (forky)

▶CVEListV5wolfssl/wolfssl< 5.9.0

▶Debianwolfssl/wolfssl< 5.9.0-0.1

▶msrcmsrc/cbl2_mariadb_10.6.24-1_on_cbl_mariner_2.0

▶msrcmsrc/azl3_mariadb_10.11.16-1_on_azure_linux_3.0

🔴Vulnerability Details

OSV

CVE-2026-3548: Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improper↗2026-03-19

▶

GHSA

GHSA-86fv-q5vx-mw5m: Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improper↗2026-03-19

▶

📋Vendor Advisories

Microsoft

Buffer overflow in CRL number parsing in wolfSSL↗2026-03-10

▶

Debian

CVE-2026-3548: wolfssl - Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsi...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-3548 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶