Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wolfSSL — Vulnerabilities & Security Advisories 62

Browse all 62 CVE security advisories affecting wolfSSL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wolfSSL is an embedded SSL/TLS library primarily designed for resource-constrained environments, including IoT devices, automotive systems, and embedded Linux. Its compact footprint makes it a standard choice for secure communications in hardware with limited memory and processing power. Historically, the codebase has been associated with numerous Common Vulnerabilities and Exposures, totaling 62 recorded instances. These flaws predominantly involve memory corruption issues, such as buffer overflows and use-after-free errors, which can lead to remote code execution or denial of service. While cross-site scripting is less relevant to its backend nature, improper input validation remains a recurring theme. Notable incidents often stem from complex cryptographic implementations or parsing errors in certificate handling. The project maintains an active security response process, addressing these vulnerabilities through regular updates, though the high volume of past CVEs highlights the challenges of maintaining rigorous security standards in a widely deployed, low-level cryptographic component.

Found 55 results / 62Clear Filters
Top products by wolfSSL: wolfSSL wolfSSH wolfCrypt wolfSSL-py
CVE IDTitleCVSSSeverityPublished
CVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMAC — wolfSSLCWE-190 7.5 -2026-04-10
CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL — wolfSSLCWE-191 6.5 -2026-04-10
CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass — wolfSSLCWE-20 3.7 -2026-04-10
CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates — wolfSSLCWE-295 5.9 -2026-04-10
CVE-2026-5466 wc_VerifyEccsiHash missing sanity check — wolfSSLCWE-347 9.1 -2026-04-10
CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag — wolfSSLCWE-354 7.5 -2026-04-10
CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3 — wolfSSLCWE-416 9.1 -2026-04-09
CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore — wolfSSLCWE-122 8.1 -2026-04-09
CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming — wolfSSLCWE-125 9.1 -2026-04-09
CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS — wolfSSLCWE-125 9.1 -2026-04-09
CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID — wolfSSLCWE-121 9.8AICriticalAI2026-04-09
CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName — wolfSSLCWE-787 9.1AICriticalAI2026-04-09
CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery — wolfSSLCWE-354 7.5AIHighAI2026-04-09
CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer — wolfSSLCWE-502 8.1AIHighAI2026-04-09
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation — wolfSSLCWE-126 7.5AIHighAI2026-04-09
CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path. — wolfSSLCWE-191 7.5AIHighAI2026-04-09
CVE-2026-5264 DTLS 1.3 ACK heap buffer overflow — wolfSSLCWE-122 9.8AICriticalAI2026-04-09
CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints() — wolfSSLCWE-295 7.5AIHighAI2026-04-09
CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse — wolfSSLCWE-323 9.1AICriticalAI2026-04-09
CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier — wolfSSLCWE-122 9.8AICriticalAI2026-04-09
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL — wolfSSLCWE-122 8.4AIHighAI2026-04-09
CVE-2026-5194 wolfSSL ECDSA Certificate Verification — wolfSSLCWE-295 5.3AIMediumAI2026-04-09
CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read — wolfSSLCWE-125 9.1 -2026-03-19
CVE-2026-3230 Improper key_share validation in TLS 1.3 HelloRetryRequest — wolfSSLCWE-20 7.5 -2026-03-19
CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path — wolfsslCWE-122 9.1 -2026-03-19
CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation — wolfSSLCWE-125 7.5 High2026-03-19
CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V — wolfSSLCWE-203 5.5 -2026-03-19
CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I — wolfSSLCWE-203 7.5 -2026-03-19
CVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSL — wolfSSLCWE-787 8.8 -2026-03-19
CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function — wolfsslCWE-122 8.1 -2026-03-19

This page lists every published CVE security advisory associated with wolfSSL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.