Impact
An integer underflow in wolfSSL’s packet sniffer causes a heap buffer overflow in the AEAD decryption routine. When a TLS Application Data record is shorter than the explicit IV plus the authentication tag, subtracting that overhead from the record length wraps the 16‑bit length field to an unexpectedly large value, which is then passed to the decryption routine. The resulting write beyond the bounds of the heap buffer crashes the sniffer. The primary impact is denial of service; the vulnerability does not allow an attacker to gain code execution or elevated privileges. This weakness is classified as CWE‑191 (integer underflow).
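The following C program is an added illustration of the length arithmetic described above; it is not wolfSSL's code and does not reproduce the sniffer's actual functions. It assumes the TLS 1.2 AES‑GCM layout of an 8‑byte explicit IV and a 16‑byte tag (constructed constants), computes the ciphertext length the unchecked way to show the 16‑bit wrap, and places the bounds check that prevents it beside it, applied to a constructed Application Data record whose body is shorter than the AEAD overhead.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed parameters: TLS 1.2 AES-GCM records carry an 8-byte explicit
 * nonce and a 16-byte authentication tag. A TLS plaintext fragment is at
 * most 2^14 bytes, which is what a sniffer's output buffer is sized for. */
#define EXPLICIT_IV_LEN 8
#define AEAD_TAG_LEN    16
#define AEAD_OVERHEAD   (EXPLICIT_IV_LEN + AEAD_TAG_LEN)
#define MAX_PLAINTEXT   (1 << 14)

/* Unchecked computation of the ciphertext length, the CWE-191 pattern:
 * the result wraps when the record is shorter than IV + tag. With a
 * 10-byte record, 10 - 24 == -14, which stored in a uint16_t is 65522,
 * far more than any output buffer the caller allocated. */
uint16_t ciphertext_len_unchecked(uint16_t record_len)
{
    return (uint16_t)(record_len - AEAD_OVERHEAD);
}

/* Hardened computation: refuse records that cannot hold IV + tag, and cap
 * the remainder at the largest fragment the output buffer can hold. */
bool ciphertext_len_checked(uint16_t record_len, size_t *out_len)
{
    if (record_len < AEAD_OVERHEAD)
        return false;                     /* malformed: no room for IV + tag */
    size_t len = (size_t)record_len - AEAD_OVERHEAD;
    if (len > MAX_PLAINTEXT)
        return false;                     /* longer than any legal fragment */
    *out_len = len;                       /* may legitimately be 0 */
    return true;
}

typedef enum { REC_OK, REC_TRUNCATED, REC_MALFORMED } rec_status;

/* Parse one TLS record header (type, version, 16-bit big-endian length)
 * and validate the body length with the checked routine before any
 * decryption buffer is touched. */
rec_status parse_app_data(const uint8_t *buf, size_t buflen, size_t *ct_len)
{
    if (buflen < 5)
        return REC_TRUNCATED;
    uint16_t record_len = (uint16_t)((buf[3] << 8) | buf[4]);
    if ((size_t)record_len + 5 > buflen)
        return REC_TRUNCATED;             /* header claims more than we have */
    if (buf[0] != 0x17)
        return REC_MALFORMED;             /* not Application Data */
    if (!ciphertext_len_checked(record_len, ct_len))
        return REC_MALFORMED;
    return REC_OK;
}

/* Constructed sample: Application Data, TLS 1.2, declared length 10, with a
 * 10-byte body, i.e. shorter than the 24-byte IV + tag overhead. */
#define SHORT_RECORD_LEN 15
static const uint8_t short_record[SHORT_RECORD_LEN] = {
    0x17, 0x03, 0x03, 0x00, 0x0a,
    0xde, 0xad, 0xbe, 0xef, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55
};

int main(void)
{
    size_t len = 0;
    printf("unchecked length for a 10-byte record: %u\n",
           ciphertext_len_unchecked(10));
    rec_status st = parse_app_data(short_record, SHORT_RECORD_LEN, &len);
    printf("checked parse: %s\n", st == REC_OK ? "accepted" : "rejected");
    return 0;
}
```

The unchecked path hands a length of 65522 to a decryption routine whose destination buffer was sized for the record, which is the overflow the advisory describes; the checked path rejects the same record before any buffer is written.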
Affected Systems
The defective code exists in the wolfSSL library’s packet sniffer component. All releases up to and including version 5.8.4 are affected. The vendor listed is wolfSSL. No specific product sub‑versions are enumerated beyond the ≤5.8.4 boundary.
Risk and Exploitability
The CVSS base score is 2.1, indicating low severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog. An unauthenticated attacker can trigger the flaw remotely by injecting malformed TLS Application Data records into traffic inspected by the sniffer. The attack requires no privileges and only results in a service crash; it does not allow code execution. Due to the limited scope and need for crafted network traffic, the overall exploitation risk is low but remediation is still recommended.
OpenCVE Enrichment