Description
Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.
Published: 2026-03-19
Score: 1.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Remote memory corruption potentially leading to code execution
Action: Immediate Patch
AI Analysis

Impact

A heap-based buffer overflow exists in the wc_ecc_import_x963_ex function of wolfSSL’s KCAPI ECC path. When a malicious TLS peer sends an oversized EC public key point, the code copies the input to the 132‑byte pubkey_raw buffer using XMEMCPY without validating the length. This allows attacker‑controlled data to be written past the buffer boundary, which can corrupt memory and may enable arbitrary code execution or denial of service. The flaw is identified as CWE‑122, a classic heap corruption weakness.

Affected Systems

The vulnerability affects the wolfSSL library for all platforms where the WOLFSSL_KCAPI_ECC path is compiled, which includes generic wolfSSL builds. The patch that resolves the issue is contained in the pull request referenced by the CVE; updating to the wolfSSL version that incorporates PR #9988 will remove the unsafe copy. If a project is using WOLFSSL_KCAPI_ECC, it must ensure it is disabled or upgraded. No specific version numbers are listed in the CNA data, so any build before the patch is potentially vulnerable.

Risk and Exploitability

The CVSS score is 1.3, indicating a low severity assessment, and the EPSS score is less than 1 %, suggesting that exploitation is currently unlikely. The vulnerability is not recorded in the NASA KEV catalog. Attackers would need to initiate a TLS handshake with a client that supports the KCAPI ECC path; the overflow would occur during the ServerKeyExchange message. While the path is typically not enabled by default, the combination of a rare code path and low exploitation probability lowers the overall risk, although the potential impact if exploited is significant.

Generated by OpenCVE AI on March 26, 2026 at 19:29 UTC.

Remediation

Vendor Solution

Update to the wolfSSL version containing the fix from PR #9988, which adds a bounds check on inLen before the XMEMCPY to pubkey_raw in the KCAPI ECC code path.

Vendor Workaround

Build wolfSSL without WOLFSSL_KCAPI_ECC (this define is not enabled by default).

OpenCVE Recommended Actions

  • Update wolfSSL to the patched release that includes the PR #9988 bounds‑check fix.
  • If an upgrade cannot be performed immediately, rebuild wolfSSL with the WOLFSSL_KCAPI_ECC option disabled to remove the vulnerable code path.

Generated by OpenCVE AI on March 26, 2026 at 19:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 20 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Wolfssl
Wolfssl wolfssl
Vendors & Products Wolfssl
Wolfssl wolfssl

Thu, 19 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
Description Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.
Title Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 1.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:L/U:Amber'}

Subscriptions

Wolfssl Wolfssl
cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-03-20T17:09:33.816Z

Reserved: 2026-03-18T15:49:41.133Z

Link: CVE-2026-4395

cve-icon Vulnrichment

Updated: 2026-03-20T17:09:29.983Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T21:17:13.660

Modified: 2026-03-26T18:16:37.927

Link: CVE-2026-4395

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:21:39Z

Weaknesses