Description
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs.
Published: 2026-04-09
Score: 4.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption from an arbitrary free
Action: Apply Patch
AI Analysis

Impact

When wolfSSL restores a session from cache, it uses a pointer extracted from the serialized session data to perform a free operation without validating that pointer. This deserialization flaw permits an attacker to trigger an arbitrary memory free, which can lead to program termination or serve as a stepping stone for more complex memory corruption attacks.

Affected Systems

The vulnerability affects the wolfSSL library across all versions that include the described session restore code. No specific version range is provided, so any release containing this code may be impacted until a patch is applied.

Risk and Exploitability

The CVSS score of 4.1 indicates moderate severity, and the vulnerability is not listed in CISA’s KEV catalog, suggesting limited known exploitation. Based on the description, it is inferred that an attacker must be able to inject a crafted session into the cache and trigger the session restore APIs. This capability could be achieved if an application exposes an endpoint that accepts session data. Successful exploitation could result in denial of service or an oracle for further attacks via memory corruption.

Generated by OpenCVE AI on April 9, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update wolfSSL to the latest patched version that eliminates the unchecked free operation.
  • If an upgrade is not immediately feasible, disable session caching or ensure strict validation of session data before attempting to free.
  • Monitor application logs for abnormal crash or memory error patterns that may indicate exploitation attempts.

Generated by OpenCVE AI on April 9, 2026 at 23:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 4.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H'}

Tue, 14 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Wolfssl
Wolfssl wolfssl
Vendors & Products Wolfssl
Wolfssl wolfssl

Thu, 09 Apr 2026 22:30:00 +0000

Type Values Removed Values Added
Description When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs.
Title Session Cache Restore — Arbitrary Free via Deserialized Pointer
Weaknesses CWE-502
References
Metrics cvssV4_0

{'score': 4.1, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Wolfssl Wolfssl
cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-04-14T14:38:40.362Z

Reserved: 2026-04-03T16:40:00.883Z

Link: CVE-2026-5507

cve-icon Vulnrichment

Updated: 2026-04-14T14:38:34.533Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-09T23:17:01.543

Modified: 2026-04-29T14:05:22.370

Link: CVE-2026-5507

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:27:37Z

Weaknesses