CVE-2026-2646

HIGH

Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function

Title source: cna

Description

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable.

References (2)

Core 2

Core References

https://github.com/wolfSSL/wolfssl/pull/9748

https://github.com/wolfSSL/wolfssl/pull/9949

Scores

CVSS v3 8.1

EPSS 0.0012

EPSS Percentile 2.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-122 CWE-787

Status published

Products (2)

wolfssl/wolfssl < 5.8.4

wolfssl/wolfssl < 5.9.0

Published Mar 19, 2026

Tracked Since Mar 19, 2026