CVE-2026-3849 — Out-of-bounds Write in Wolfssl

CWE-787 — Out-of-bounds Write21 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.2%

top 58.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl Wolfssl INC Wolfssl +2 more

Timeline

PublishedMar 19

Description

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages6 packages

▶debiandebian/wolfssl< wolfssl 5.9.0-0.1 (forky)

▶NVDwolfssl/wolfssl5.6.0 — 5.9.0

▶Debianwolfssl/wolfssl< 5.9.0-0.1

▶CVEListV5wolfssl_inc/wolfsslv5.6.0-stable — v5.8.4-stable

▶msrcmsrc/cbl2_mariadb_10.6.24-1_on_cbl_mariner_2.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-267h-vrw9-53p3: Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config↗2026-03-19

▶

OSV

CVE-2026-3849: Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config↗2026-03-19

▶

📋Vendor Advisories

Microsoft

Buffer Overflow in HPKE via Oversized ECH Config↗2026-03-10

▶

Debian

CVE-2026-3849: wolfssl - Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulne...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-4395 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-3580 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-3549 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-0819 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-3229 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶