Description
X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL.
Published: 2026-04-09
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption (Buffer Overflow)
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a 1-to-2-byte buffer overflow that occurs when parsing the notAfter and notBefore fields of an X.509 certificate via the compatibility layer API. This flaw could corrupt memory in the calling application, potentially leading to crashes or arbitrary code execution if exploited. However, the impact is limited to code that directly invokes these APIs and does not affect TLS or certificate verification paths.

Affected Systems

The affected product is the wolfSSL SSL/TLS library. No specific version information is provided, so any release containing the unpatched functions may be vulnerable. All installations of wolfSSL that use the compatibility layer functions for certificate date parsing should be considered at risk.

Risk and Exploitability

The CVSS score of 2.3 signifies low overall severity, and the vulnerability is not listed in the CISA KEV catalog, with no EPSS data available. Exploitation requires an attacker to supply a crafted certificate to an application that calls the vulnerable API functions directly. Because TLS and routine certificate verification are unaffected, the likelihood of widespread exploitation is low, but the defect can still compromise the stability or integrity of the vulnerable application.

Generated by OpenCVE AI on April 10, 2026 at 00:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update wolfSSL to the latest release containing the fix for the X.509 date buffer overflow
  • Verify that application code no longer directly calls the vulnerable notAfter/notBefore API functions
  • Monitor logs and stability indicators for signs of memory corruption or unexpected crashes


Tracking


Advisories

No advisories yet.

History

Fri, 10 Apr 2026 15:15:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 09:00:00 +0000

Type                  Values Removed   Values Added
First Time appeared   (none)           Wolfssl; Wolfssl wolfssl
Vendors & Products    (none)           Wolfssl; Wolfssl wolfssl

Thu, 09 Apr 2026 23:30:00 +0000

Type          Values Removed   Values Added
Description   (none)           X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL.
Title         (none)           1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore
Weaknesses    (none)           CWE-122
References    (none)           (none)
Metrics       (none)           cvssV4_0: {'score': 2.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Green'}


MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-04-10T13:51:56.742Z

Reserved: 2026-04-02T20:24:47.039Z

Link: CVE-2026-5448

Vulnrichment

Updated: 2026-04-10T13:51:53.259Z

NVD

Status: Received

Published: 2026-04-10T00:16:35.890

Modified: 2026-04-10T00:16:35.890

Link: CVE-2026-5448

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:27:26Z

Weaknesses