Wofssl Wolfssl vulnerabilities
3 known vulnerabilities affecting wofssl/wolfssl.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, LOW 2
Vulnerabilities
CVE-2026-3549 [HIGH] CWE-122, CVSS 8.3, fixed in 5.9.0, 2026-03-19
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.
nvd
CVE-2026-3229 [LOW] CWE-122, CVSS 1.2, fixed in 5.9.0, 2026-03-19
An integer overflow vulnerability existed in the static function wolfssl_add_to_chain that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these APIs: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. These APIs are
nvd
CVE-2025-11933 [LOW] CWE-20, CVSS 2.3, ≥ 3.12.0, < 5.8.4, 2025-11-21
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions.
nvd