← voltar
CVE-2026-6681

PKCS#7 decode ignores caller output buffer size, writing past buffer bounds

CVSS 1 LOWEPSS 0.2%CWE-120CWE-787
The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear
Produtos afetados
wolfSSL · wolfSSL

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/wolfSSL/wolfssl/pull/10116https://www.wolfssl.com/docs/security-vulnerabilities/