Impact
During verification of an SM2/SM3 certificate, the Key Identifier logic reads the trailing 65 bytes of the public key without verifying that the key is actually that long. If the public key embedded in the certificate is shorter than 65 bytes, this logic performs an out-of-bounds read on the heap, which can crash the program. The vulnerability does not allow any out-of-bounds write, and there is no compromise of confidentiality or integrity; the primary impact is a denial of service through a crash of the wolfSSL-enabled application.
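The missing length check described above, shown as an added C illustration beside a hardened form. This is not wolfSSL's code: the function names are hypothetical and the 91-byte buffer is constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length of the trailing read named in the advisory. */
#define KEYID_TAIL_LEN 65u

/* Unchecked pattern (the "before"): trusts key_len >= 65. For a shorter key
 * the start pointer falls before the buffer and memcpy reads out of bounds. */
void keyid_tail_unchecked(const uint8_t *key, size_t key_len, uint8_t *out)
{
    memcpy(out, key + key_len - KEYID_TAIL_LEN, KEYID_TAIL_LEN);
}

/* Hardened form: validate the certificate-supplied length before any pointer
 * arithmetic. Returns 0 on success, -1 on bad arguments, -2 on a short key. */
int keyid_tail_checked(const uint8_t *key, size_t key_len, uint8_t *out)
{
    if (key == NULL || out == NULL)
        return -1;
    if (key_len < KEYID_TAIL_LEN)
        return -2;                      /* reject: certificate key too short */
    memcpy(out, key + (key_len - KEYID_TAIL_LEN), KEYID_TAIL_LEN);
    return 0;
}

/* Constructed inputs: a 91-byte buffer standing in for an encoded public key,
 * and truncated views of it. Returns the number of failed expectations. */
int keyid_selftest(void)
{
    uint8_t key[91], out[KEYID_TAIL_LEN];
    int failures = 0;
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (uint8_t)i;
    failures += keyid_tail_checked(key, sizeof key, out) != 0;
    failures += out[0] != 26 || out[64] != 90;           /* bytes 26..90 copied */
    failures += keyid_tail_checked(key, 65, out) != 0;   /* exact length */
    failures += keyid_tail_checked(key, 64, out) != -2;  /* one byte short */
    failures += keyid_tail_checked(key, 0, out) != -2;   /* empty key */
    failures += keyid_tail_checked(NULL, 91, out) != -1; /* bad argument */
    return failures;
}

int main(void)
{
    printf("failed expectations: %d\n", keyid_selftest());
    return 0;
}
```

Building a test harness like this with AddressSanitizer (`-fsanitize=address`) is a practical way to confirm that a parser rejects short keys before the read happens.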
Affected Systems
This weakness affects all builds of the wolfSSL library that have SM2 support enabled, whether through --enable-sm2 or --enable-all at compile time. The issue is present in every vendor implementation of wolfSSL that includes SM2/SM3 functionality and handles certificate verification.
Risk and Exploitability
The CVSS score of 6.3 classifies the vulnerability as medium severity. There is no EPSS data available, and the issue is not currently listed in the CISA KEV catalog, which suggests it is not known to be actively exploited in the wild. However, the attack could be performed by an adversary who can supply an arbitrary certificate to a wolfSSL-enabled service that verifies certificates. Because the vulnerability causes a crash but not a writable buffer overflow, the likelihood of successful exploitation is lower than for more severe buffer-overflow bugs, but a determined attacker could still use the crash to mount denial-of-service attacks against the affected service.
OpenCVE Enrichment