CVE-2026-5188 | THREATINT

Description

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.

PUBLISHED Reserved 2026-03-30 | Published 2026-04-10 | Updated 2026-04-10 | Assigner wolfSSL

LOW: 2.3CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-191 Integer underflow

Product status

Default status

unaffected

Any version

affected

Credits

Discovered by Muhammad Arya Arjuna Habibullah finder

References

github.com/wolfSSL/wolfssl/pull/10024

cve.org (CVE-2026-5188)

nvd.nist.gov (CVE-2026-5188)

Download JSON