Description
Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData().
Published: 2026-04-09
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

A heap out-of-bounds read occurs during parsing of PKCS7 SignedData in the wolfSSL library. A crafted PKCS7 message can trigger the missing bounds check in the indefinite-length end-of-content verification loop within PKCS7_VerifySignedData(), allowing an attacker to read arbitrary memory contents. This read can expose confidential data present on the host, constituting an information disclosure vulnerability classified as CWE-125.

Affected Systems

The affected component is the wolfSSL cryptographic library. No specific version range is listed, which means that any build that contains the unchanged PKCS7 parsing logic may be susceptible. Users should verify whether their deployment incorporates the patch introduced in GitHub pull request 10039, which resolves the bounds check issue.

Risk and Exploitability

The CVSS score of 2.3 indicates a low severity impact. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited or no known active exploitation. Based on the fact that the flaw is triggered by processing a PKCS7 message, the likely attack vector involves supply of untrusted PKCS7 data, either remotely or locally, to an application that uses wolfSSL. Because the weakness only permits a memory read, it does not provide code execution or denial-of-service capabilities; therefore, the overall risk remains low.

Generated by OpenCVE AI on April 10, 2026 at 00:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade wolfSSL to a release that contains the patch from GitHub pull request 10039.
  • If an update is not immediately possible, avoid processing untrusted PKCS7 data or guard the input before passing it to the library.

Generated by OpenCVE AI on April 10, 2026 at 00:50 UTC.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 14:15:00 +0000

Values added:
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 09:00:00 +0000

Values added:
First Time appeared: Wolfssl; Wolfssl wolfssl
Vendors & Products: Wolfssl; Wolfssl wolfssl

Thu, 09 Apr 2026 23:30:00 +0000

Values added:
Description: Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData().
Title: wolfSSL heap OOB read in PKCS7 SignedData streaming
Weaknesses: CWE-125
References:
Metrics: cvssV4_0 {'score': 2.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-04-10T14:08:48.204Z

Reserved: 2026-04-01T23:11:07.366Z

Link: CVE-2026-5392

Vulnrichment

Updated: 2026-04-10T14:08:44.787Z

NVD

Status : Received

Published: 2026-04-10T00:16:35.603

Modified: 2026-04-10T00:16:35.603

Link: CVE-2026-5392

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:27:28Z

Weaknesses