Description

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.

PUBLISHED Reserved 2026-04-20 | Published 2026-06-25 | Updated 2026-06-26 | Assigner wolfSSL

HIGH: 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-787 Out-of-bounds Write

CWE-190 Integer Overflow or Wraparound

CWE-197 Numeric Truncation Error

Product status

Default status: unaffected

5.4.0 (semver): affected

Credits

Nicholas Carlini from Anthropic (finder)

References

github.com/wolfSSL/wolfssl/pull/10116 (patch)

www.wolfssl.com/docs/security-vulnerabilities/

cve.org (CVE-2026-6679)

nvd.nist.gov (CVE-2026-6679)