CVE-2026-5392 | THREATINT

Description

Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData().

PUBLISHED Reserved 2026-04-01 | Published 2026-04-09 | Updated 2026-04-10 | Assigner wolfSSL

LOW: 2.3CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-125 Out-of-bounds Read

Product status

Default status

unaffected

Any version before 5.9.1

affected

Credits

J Laratro (d0sf3t) finder

References

github.com/wolfssl/wolfssl/pull/10039

cve.org (CVE-2026-5392)

nvd.nist.gov (CVE-2026-5392)

Download JSON