Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-0819— Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes

EPSS 0.02% · P5
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-0819

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
Source: NVD (National Vulnerability Database)
Vulnerability Description
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSL_SMALL_STACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wc_PKCS7_EncodeSignedData() or related signing functions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
wolfSSL 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
wolfSSL(CyaSSL)是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL存在安全漏洞,该漏洞源于PKCS7 SignedData编码功能存在栈缓冲区溢出,当应用程序设置pkcs7->signedAttribsSz值过大时,可能导致栈内存损坏,在WOLFSSL_SMALL_STACK构建中则导致堆损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
wolfSSLwolfSSL 5.5.0 ~ 5.9.0 -

II. Public POCs for CVE-2026-0819

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-0819

登录查看更多情报信息。

Same Patch Batch · wolfSSL · 2026-03-19 · 11 CVEs total

CVE-2026-35477.5 HIGHwolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation
CVE-2026-1005Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt pa
CVE-2026-2646Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
CVE-2026-2645Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
CVE-2026-3548Buffer overflow in CRL number parsing in wolfSSL
CVE-2026-3579Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
CVE-2026-3580Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V
CVE-2026-4395Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
CVE-2026-3230Improper key_share validation in TLS 1.3 HelloRetryRequest
CVE-2026-4159wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read

IV. Related Vulnerabilities

Same product: wolfSSL
Same vendor: wolfSSL
Same weakness: CWE-121

V. Comments for CVE-2026-0819

No comments yet

Leave a comment