Description
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.
Published: 2026-04-20
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

An out‑of‑bounds read in wolfSSHd on Windows occurs when the server processes a terminal resize request, allowing an authenticated user to leak the content of adjacent stack memory into the pseudo‑console output. This can expose sensitive data stored on the stack and potentially compromise confidentiality. The weakness is a buffer overread involving adjacent stack memory (CWE‑125 and CWE‑126).

Affected Systems

This issue affects the wolfSSL wolfSSH product on Windows platforms. No specific affected versions are listed in the advisory, so the recommendation is to apply the most recent patch that addresses the resize handling bug.

Risk and Exploitability

The vulnerability carries a low CVSS score of 2.3 and has an EPSS score of less than 1%. It is not listed in the CISA KEV catalog. The attack requires an authenticated SSH session; after establishing the connection, a malicious user can send a terminal resize request to trigger the out‑of‑bounds read. Because triggering the bug only requires an ordinary session action (a resize request) rather than delivering a code payload, the practical impact is limited to confidentiality leakage rather than remote code execution.

Generated by OpenCVE AI on April 28, 2026 at 08:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade wolfSSH to the latest release that includes the fix for the resize‑handling buffer leak.
  • Disable terminal resize capability or the pseudo‑console feature on Windows if the upgrade cannot be applied immediately.
  • Audit SSH access logs for unexpected or anomalous sessions and monitor for any anomalous data appearing in pseudo‑console/terminal output.


Advisories

No advisories yet.

History

Fri, 24 Apr 2026 19:30:00 +0000

Type                 | Values Removed | Values Added
First Time appeared  |                | Wolfssh; Wolfssh wolfssh
Weaknesses           |                | CWE-125
CPEs                 |                | cpe:2.3:a:wolfssh:wolfssh:*:*:*:*:*:*:*:*
Vendors & Products   |                | Wolfssh; Wolfssh wolfssh
Metrics              |                | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Wed, 22 Apr 2026 12:15:00 +0000

Type                 | Values Removed | Values Added
First Time appeared  |                | Wolfssl; Wolfssl wolfssh
Vendors & Products   |                | Wolfssl; Wolfssl wolfssh

Tue, 21 Apr 2026 14:15:00 +0000

Type                 | Values Removed | Values Added
Metrics              |                | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 20 Apr 2026 21:45:00 +0000

Type                 | Values Removed | Values Added
Description          |                | Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.
Title                |                | Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize
Weaknesses           |                | CWE-126
References           |                |
Metrics              |                | cvssV4_0 {'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-04-21T13:37:15.647Z

Reserved: 2026-01-13T23:45:50.452Z

Link: CVE-2026-0930

Vulnrichment

Updated: 2026-04-21T13:37:11.443Z

NVD

Status: Analyzed

Published: 2026-04-20T22:16:23.210

Modified: 2026-04-24T19:15:35.897

Link: CVE-2026-0930

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T08:45:27Z

Weaknesses