CVE-2026-3849

CRITICAL

Buffer Overflow in HPKE via Oversized ECH Config

Title source: cna

Description

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech.

References (1)

Scores

CVSS v3 9.8
EPSS 0.0022
EPSS Percentile 44.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
wolfssl/wolfssl 5.6.0 - 5.9.0
wolfSSL Inc./wolfSSL v5.6.0-stable - v5.8.4-stable
Published Mar 19, 2026
Tracked Since Mar 20, 2026