CVE-2026-4395

CRITICAL

Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path

Title source: cna

Description

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.

References (1)

[Patch] https://github.com/wolfSSL/wolfssl/pull/9988

Scores

CVSS v3 9.8

EPSS 0.0014

EPSS Percentile 33.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-122

Status published

Products (2)

wolfSSL/wolfssl < 5.8.4

wolfssl/wolfssl < 5.9.0

Published Mar 19, 2026

Tracked Since Mar 20, 2026