← back
CVE-2026-6681

PKCS#7 decode ignores caller output buffer size, writing past buffer bounds

CVSS 1 LOWEPSS 0.2%CWE-120CWE-787
The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear
Affected products
wolfSSL · wolfSSL

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/wolfSSL/wolfssl/pull/10116https://www.wolfssl.com/docs/security-vulnerabilities/