Description
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out-of-bounds writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.
Published: 2026-03-19
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch
AI Analysis

Impact

Two buffer overflows exist in wolfSSL's CRL parser when processing CRL numbers: a heap-based overflow occurs when the CRL number is stored incorrectly as a hexadecimal string, and a stack-based overflow can be triggered for sufficiently large CRL numbers. An attacker who supplies a malicious CRL from an untrusted source can cause out-of-bounds writes, which could lead to arbitrary code execution or denial of service on the affected system. The weakness is characterized by CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).

Affected Systems

The vulnerability affects the wolfSSL library (wolfSSL:wolfSSL). It only applies to builds that enable CRL support. No specific affected versions are listed in the CNA data, so version information is unknown. The vulnerability requires that the application loads a CRL from an untrusted source.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity. EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires delivery of a crafted CRL to a compatible application, which may be feasible in environments that accept external CRLs. The presence of a heap and stack buffer overflow means that an attacker with control over the CRL data could potentially achieve remote code execution, making the risk significant for applications that rely on wolfSSL with CRL support.

Generated by OpenCVE AI on March 19, 2026 at 19:50 UTC.

Remediation

Vendor Workaround

Disabling CRL processing is the only effective workaround for this issue. Preventing the overflow by validating the CRL number length requires source code modification and therefore should be considered a fix rather than a workaround.


OpenCVE Recommended Actions

  • Disable CRL processing in wolfSSL configuration
  • Verify that CRL support is not enabled in wolfSSL builds
  • If a patch or update is released by wolfSSL, apply it promptly
  • Monitor wolfSSL advisories for further updates


Tracking


Advisories

No advisories yet.

History

Fri, 20 Mar 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wolfssl; Wolfssl wolfssl
Vendors & Products | | Wolfssl; Wolfssl wolfssl

Thu, 19 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 18:00:00 +0000

Type | Values Removed | Values Added
Description | | Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.
Title | | Buffer overflow in CRL number parsing in wolfSSL
Weaknesses | | CWE-122; CWE-787
References | |
Metrics | | cvssV4_0: {'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U'}


MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-03-19T18:00:53.844Z

Reserved: 2026-03-04T18:42:04.494Z

Link: CVE-2026-3548

Vulnrichment

Updated: 2026-03-19T18:00:45.496Z

NVD

Status: Awaiting Analysis

Published: 2026-03-19T18:16:22.953

Modified: 2026-03-20T13:39:46.493

Link: CVE-2026-3548

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T11:06:41Z

Weaknesses