CVE-2026-3548— Buffer overflow in CRL number parsing in wolfSSL
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-3548
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Buffer overflow in CRL number parsing in wolfSSL
Source: NVD (National Vulnerability Database)
Vulnerability Description
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
wolfSSL(CyaSSL) 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
wolfSSL(CyaSSL)是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL(CyaSSL)存在安全漏洞,该漏洞源于CRL解析器在解析CRL编号时存在两个缓冲区溢出漏洞,可能导致堆缓冲区溢出或栈缓冲区溢出,攻击者可通过特制的CRL触发越界写入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-3548
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-3548
请登录查看更多情报信息。
Same Patch Batch · wolfSSL · 2026-03-19 · 11 CVEs total
| CVE-2026-3547 | 7.5 HIGH | wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation |
| CVE-2026-0819 | Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes | |
| CVE-2026-1005 | Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt pa | |
| CVE-2026-2646 | Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function | |
| CVE-2026-2645 | Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2 | |
| CVE-2026-3579 | Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I | |
| CVE-2026-3580 | Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V | |
| CVE-2026-4395 | Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path | |
| CVE-2026-3230 | Improper key_share validation in TLS 1.3 HelloRetryRequest | |
| CVE-2026-4159 | wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read |
IV. Related Vulnerabilities
Same product: wolfSSL
- CVE-2026-5477
Prefix-substitution forgery via integer overflow in wolfCryp - CVE-2026-5188
Integer underflow in X.509 SAN parsing in wolfSSL - CVE-2026-5500
Improper Validation of AES-GCM Authentication Tag Length in - CVE-2026-5501
Improper Certificate Signature Verification in X.509 Chain V - CVE-2026-5466
wc_VerifyEccsiHash missing sanity check
Same vendor: wolfSSL
- CVE-2026-0930
Potential wolfSSHd Buffer out-of-bounds Read on Windows Hand - CVE-2026-5477
Prefix-substitution forgery via integer overflow in wolfCryp - CVE-2026-5188
Integer underflow in X.509 SAN parsing in wolfSSL - CVE-2026-5500
Improper Validation of AES-GCM Authentication Tag Length in - CVE-2026-5501
Improper Certificate Signature Verification in X.509 Chain V
V. Comments for CVE-2026-3548
No comments yet