CVE-2026-5188

LOW

Integer underflow in X.509 SAN parsing in wolfSSL

Title source: cna

Description

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.

References (1)

https://github.com/wolfSSL/wolfssl/pull/10024

Scores

CVSS v4 2.3

EPSS 0.0003

EPSS Percentile 7.7%

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Details

CWE

CWE-191

Status published

Products (1)

wolfSSL/wolfSSL < 5.9.0

Published Apr 10, 2026

Tracked Since Apr 10, 2026