Description
A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable.
Published: 2026-03-19
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap Buffer Overflow
Action: Check Patch
AI Analysis

Impact

A heap-buffer-overflow vulnerability exists in the wolfSSL library's wolfSSL_d2i_SSL_SESSION() function when deserializing TLS session data that has SESSION_CERTS enabled. The function reads certificate and session-id lengths from untrusted input without performing bounds validation, allowing a crafted session blob to overflow fixed-size buffers and corrupt heap memory. This corruption could enable an attacker to alter program flow or cause a crash, thereby compromising the confidentiality, integrity, or availability of the affected application.

Affected Systems

The vulnerability affects all products that include the wolfSSL library provided by the vendor wolfssl. No specific product or version information is supplied in the CVE data; therefore any instance that uses the library with SESSION_CERTS enabled is potentially exposed unless mitigated.

Risk and Exploitability

The CVSS score of 5 indicates a medium severity rating. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attacker must supply a malicious session file to a system that processes such data, making the likely attack vector remote or via a compromised input source. No public exploits are documented, but the flaw can be reproduced under the stated conditions, giving attackers the potential to destabilize or take control of the vulnerable application.

Generated by OpenCVE AI on March 19, 2026 at 19:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply any available wolfSSL update that mitigates CVE-2026-2646.
  • Disable SESSION_CERTS or avoid loading untrusted session data when possible.
  • Add bounds checks or validate all session data lengths before deserialization.
  • Restrict network access to services using wolfSSL to trusted hosts and monitor logs for abnormal session loads.
  • Keep the wolfSSL library updated with the latest security releases as soon as patches become available.
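As an added illustration of the bounds-checking recommendation above, the following is a deserializer for a constructed, simplified length-prefixed session blob. It is example code written for this page, not wolfSSL's code, and the blob layout, buffer sizes, type and function names (session_t, session_deserialize, session_check) are all assumptions; wolfSSL's real session serialization format is not reproduced here. The point it demonstrates is the CWE-122 pattern named in the advisory: every attacker-controlled length field is checked against both the remaining input and the fixed-size destination before any copy takes place, and each failure returns a distinct error code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed blob layout for this example (NOT wolfSSL's real session format):
 *   [1 byte id_len][id_len bytes of session id]
 *   [2 bytes big-endian cert_len][cert_len bytes of certificate]
 * The destinations are fixed-size, as in the advisory: a length field that is
 * checked only against the input, or not at all, would overflow them. */
#define MAX_SESSION_ID_LEN 32
#define MAX_CERT_LEN       512

typedef struct {
    uint8_t id[MAX_SESSION_ID_LEN];
    size_t  id_len;
    uint8_t cert[MAX_CERT_LEN];
    size_t  cert_len;
} session_t;

enum {
    SESS_OK            =  0,
    SESS_ERR_TRUNCATED = -1,  /* length field claims more bytes than the input holds */
    SESS_ERR_TOO_LONG  = -2,  /* length field exceeds the fixed-size destination    */
    SESS_ERR_TRAILING  = -3   /* unexpected bytes after the last field              */
};

/* Copies one length-prefixed field into a fixed-size destination.
 * Both checks matter: against the destination capacity (no over-write)
 * and against the remaining input (no over-read). */
static int read_field(const uint8_t *buf, size_t len, size_t *pos,
                      size_t field_len, uint8_t *dst, size_t dst_cap,
                      size_t *dst_len)
{
    if (field_len > dst_cap)    return SESS_ERR_TOO_LONG;
    if (field_len > len - *pos) return SESS_ERR_TRUNCATED;
    memcpy(dst, buf + *pos, field_len);
    *dst_len = field_len;
    *pos += field_len;
    return SESS_OK;
}

int session_deserialize(const uint8_t *buf, size_t len, session_t *out)
{
    size_t pos = 0;
    int rc;
    memset(out, 0, sizeof(*out));

    /* session id: 1-byte length prefix */
    if (len - pos < 1) return SESS_ERR_TRUNCATED;
    size_t id_len = buf[pos++];
    rc = read_field(buf, len, &pos, id_len, out->id, MAX_SESSION_ID_LEN, &out->id_len);
    if (rc != SESS_OK) return rc;

    /* certificate: 2-byte big-endian length prefix */
    if (len - pos < 2) return SESS_ERR_TRUNCATED;
    size_t cert_len = ((size_t)buf[pos] << 8) | buf[pos + 1];
    pos += 2;
    rc = read_field(buf, len, &pos, cert_len, out->cert, MAX_CERT_LEN, &out->cert_len);
    if (rc != SESS_OK) return rc;

    /* reject blobs carrying bytes beyond the declared fields */
    if (pos != len) return SESS_ERR_TRAILING;
    return SESS_OK;
}

/* Convenience wrapper: parse into a scratch session and return only the status. */
int session_check(const uint8_t *buf, size_t len)
{
    session_t s;
    return session_deserialize(buf, len, &s);
}

/* Constructed sample blobs (hypothetical data, not captured from any system). */
static const uint8_t good_blob[]           = { 4, 'a','b','c','d', 0x00, 0x03, 'x','y','z' };
static const uint8_t oversized_id_blob[]   = { 0xFF, 'a','b' };              /* claims a 255-byte id: larger than the 32-byte destination */
static const uint8_t truncated_cert_blob[] = { 1, 'a', 0x01, 0x00, 'q' };    /* claims 256 cert bytes, only 1 present */
static const uint8_t trailing_blob[]       = { 1, 'a', 0x00, 0x01, 'q', 0xEE }; /* one stray byte after the cert */

int main(void)
{
    printf("good:      %d\n", session_check(good_blob, sizeof good_blob));
    printf("oversized: %d\n", session_check(oversized_id_blob, sizeof oversized_id_blob));
    printf("truncated: %d\n", session_check(truncated_cert_blob, sizeof truncated_cert_blob));
    printf("trailing:  %d\n", session_check(trailing_blob, sizeof trailing_blob));
    return 0;
}
```

The order of the two checks in read_field is deliberate: the destination-capacity check comes first so that a length which is absurdly large is rejected before any arithmetic on the remaining input, and the remaining-input check uses `len - *pos` rather than `*pos + field_len <= len` to avoid size_t wraparound on a hostile length.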



Advisories

No advisories yet.

History

Fri, 20 Mar 2026 09:00:00 +0000

Type: First Time appeared
  Values Removed: (none)
  Values Added: Wolfssl; Wolfssl wolfssl
Type: Vendors & Products
  Values Removed: (none)
  Values Added: Wolfssl; Wolfssl wolfssl

Thu, 19 Mar 2026 18:15:00 +0000

Type: Metrics
  Values Removed: (none)
  Values Added: ssvc
  {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 17:45:00 +0000

Type: Description
  Values Removed: (none)
  Values Added: A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable.
Type: Title
  Values Removed: (none)
  Values Added: Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
Type: Weaknesses
  Values Removed: (none)
  Values Added: CWE-122
Type: References
  Values Removed: (none)
  Values Added:
Type: Metrics
  Values Removed: (none)
  Values Added: cvssV4_0
  {'score': 5, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-03-19T17:44:09.675Z

Reserved: 2026-02-17T22:29:37.732Z

Link: CVE-2026-2646

Vulnrichment

Updated: 2026-03-19T17:43:55.369Z

NVD

Status : Awaiting Analysis

Published: 2026-03-19T18:16:22.223

Modified: 2026-03-20T13:39:46.493

Link: CVE-2026-2646

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T11:06:42Z

Weaknesses