CVE-2026-3849— Buffer Overflow in HPKE via Oversized ECH Config

Buffer Overflow in HPKE via Oversized ECH Config

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech.

N/A

跨界内存写

wolfSSL（CyaSSL） 安全漏洞

wolfSSL（CyaSSL）是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL（CyaSSL）5.8.4版本存在安全漏洞，该漏洞源于ECH支持中存在栈缓冲区溢出，恶意特制的ECH配置可能导致客户端栈缓冲区溢出，从而可能引发远程代码执行和客户端程序崩溃。

N/A

N/A