{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4395", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2026-03-18T15:49:41.133Z", "datePublished": "2026-03-19T20:41:55.642Z", "dateUpdated": "2026-03-19T20:41:55.642Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-03-19T20:41:55.642Z"}, "title": "Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfssl", "platforms": ["Linux"], "repo": "https://github.com/wolfSSL/wolfssl", "modules": ["wolfcrypt ECC"], "programFiles": ["wolfcrypt/src/ecc.c"], "programRoutines": [{"name": "wc_ecc_import_x963_ex"}], "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "5.8.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange."}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9988", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "LOW", "baseScore": 1.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:L/U:Amber"}}], "workarounds": [{"lang": "en", "value": "Build wolfSSL without WOLFSSL_KCAPI_ECC (this define is not enabled by default).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Build wolfSSL without WOLFSSL_KCAPI_ECC (this define is not enabled by default)."}]}], "solutions": [{"lang": "en", "value": "Update to the wolfSSL version containing the fix from PR #9988, which adds a bounds check on inLen before the XMEMCPY to pubkey_raw in the KCAPI ECC code path.", "supportingMedia": [{"type": "text/html", "base64": false, "value": " Update to the wolfSSL version containing the fix from PR #9988, which adds a bounds check on inLen before the XMEMCPY to pubkey_raw in the KCAPI ECC code path."}]}], "credits": [{"lang": "en", "value": "Haruto Kimura (Stella)", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange."}], "id": "CVE-2026-4395", "lastModified": "2026-03-20T13:39:46.493", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2026-03-19T21:17:13.660", "references": [{"source": "facts@wolfssl.com", "url": "https://github.com/wolfSSL/wolfssl/pull/9988"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.8.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "wolfssl", "source": "cna", "vendor": "wolfSSL"}, "product": "wolfssl", "vendor": "wolfssl"}], "analysis": {"en": {"generated_at": "2026-03-19T22:27:07.676002+00:00", "value": {"mitigation_remediation": ["Update wolfSSL to the version that includes the fix from pull request #9988.", "If upgrading immediately is not possible, rebuild wolfSSL without enabling the WOLFSSL_KCAPI_ECC option.", "Verify that your build configuration does not include WOLFSSL_KCAPI_ECC or that it is disabled.", "Continue to monitor wolfSSL advisories and apply subsequent patches as they become available."], "summary": {"action": "Apply Patch", "impact": "Remote Buffer Overflow"}, "threat_synthesis": {"affected_systems": "The affected vendor is wolfSSL, product wolfssl. The vulnerability was present in wolfSSL versions that include the KCAPI ECC implementation before the patch committed in pull request #9988. The specific version range is not enumerated in the provided data, but the issue is fixed in the version that incorporates that PR. Clients that use the default build (where WOLFSSL_KCAPI_ECC is not enabled) are not affected unless they build with the option manually enabled.", "description_and_impact": "The vulnerability is a heap\u2011based buffer overflow in the wc_ecc_import_x963_ex() function of the wolfSSL wolfcrypt library. The overflow occurs in the KCAPI ECC code path when copying an EC public key point into the pubkey_raw buffer of 132 bytes without a bounds check. A malicious peer can craft an oversized EC public key point during the TLS ServerKeyExchange message, causing the overflow to write attacker\u2011controlled data beyond the buffer boundaries. This flaw is classified as CWE-122 and could result in memory corruption that may compromise confidentiality, integrity, and availability of the application, potentially enabling arbitrary code execution if the overwritten data can be leveraged.", "risk_and_exploitability": "CVSS score is 1.3, indicating a low severity issue under normal circumstances. The EPSS score is not available, and the vulnerability is not listed in CISA\u2019s KEV catalog, implying no public exploitation is known. The likely attack vector is a remote attacker sending a crafted ECPoint during the TLS handshake, which does not require privileged access or user interaction beyond establishing a TLS connection. Because the flaw affects a heap buffer in a cryptographic routine, successful exploitation would likely require precise memory state and may not reliably lead to code execution. Nonetheless, the absence of bounds checking still represents a dangerous weakness, and administrators should treat the exposure as a low\u2011to\u2011medium risk pending the availability of a patch."}}}}, "created": "2026-03-20T08:56:09.866012+00:00", "updated": "2026-03-20T11:06:19.805702+00:00", "vendors": ["wolfssl", "wolfssl$PRODUCT$wolfssl"]}