CVE-2026-0930 | THREATINT

Description

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.

PUBLISHED Reserved 2026-01-13 | Published 2026-04-20 | Updated 2026-04-21 | Assigner wolfSSL

LOW: 2.3CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-126 Buffer over-read

Product status

Default status

unaffected

1.4.15 (semver) before 1.5.0

affected

Credits

Luigino Camastra finder

Pavel Kohout finder

References

github.com/wolfssl/wolfssh/pull/846

cve.org (CVE-2026-0930)

nvd.nist.gov (CVE-2026-0930)

Download JSON