Description
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs are used when building wolfSSL.
Published: 2026-04-09
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

An out‑of‑bounds read can occur in wolfSSL during the TLS 1.3 CertificateVerify step when dual‑algorithm certificates are enabled. Crafted input to the certificate verification routine is able to cause the library to read beyond the intended buffer, which could expose arbitrary data from memory. The description does not mention any denial of service or code execution; the primary impact is the potential disclosure of sensitive information.

Affected Systems

The vulnerable code exists in wolfSSL builds that enable experimental features and dual-algorithm certificate support through the build-time configure options --enable-experimental and --enable-dual-alg-certs. No specific version numbers are listed, so any build configured with those options may be vulnerable.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, and no EPSS data is available; the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, through a malicious TLS 1.3 handshake that sends a crafted CertificateVerify message. This inference is made because the flaw is triggered by specially crafted input and requires the library to process that input, which typically occurs during a TLS connection. Exploitation would need a target that is using a wolfSSL build with the vulnerable options enabled, which limits widespread attack potential but still warrants immediate attention.

Generated by OpenCVE AI on April 10, 2026 at 00:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest wolfSSL release that includes the fix referenced by pull request 10079.
  • If an upgrade is not feasible, rebuild the library without the --enable-experimental and --enable-dual-alg-certs options to eliminate the vulnerable code path.
  • Verify that the deployed build is the patched version and that no out‑of‑bounds reads occur during CertificateVerify processing.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wolfssl; Wolfssl wolfssl
Vendors & Products | | Wolfssl; Wolfssl wolfssl

Thu, 09 Apr 2026 23:30:00 +0000

Type | Values Removed | Values Added
Description | | Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs are used when building wolfSSL.
Title | | OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS
Weaknesses | | CWE-125
References | |
Metrics | | cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-04-10T15:02:58.096Z

Reserved: 2026-04-01T23:11:41.235Z

Link: CVE-2026-5393

Vulnrichment

Updated: 2026-04-10T15:02:55.309Z

NVD

Status: Received

Published: 2026-04-10T00:16:35.750

Modified: 2026-04-10T00:16:35.750

Link: CVE-2026-5393

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:27:29Z
