CVE-2026-4395 — Heap-based Buffer Overflow in Wolfssl
Severity
1.3LOWNVD
EPSS
0.1%
top 68.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedMar 19
Description
Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer send…
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Packages6 packages
Patches
🔴Vulnerability Details
2OSV▶
CVE-2026-4395: Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-contr↗2026-03-19
GHSA▶
GHSA-cqx9-3cpj-rrqp: Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-contr↗2026-03-19