Description
A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.
Published: 2026-04-09
Score: 2.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Potential crash leading to denial of service
Action: Immediate Patch
AI Analysis

Impact

A one‑byte stack buffer over‑read occurs in the MatchDomainName function during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. The function reads one byte beyond the hostname buffer if a leading wildcard consumes the entire string, leading to an out‑of‑bounds read that can trigger a crash. This type of error is a Stack Buffer Over‑Read (CWE‑126) and results in untrusted input causing a denial of service by terminating the process.
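To make the failure mode concrete, here is a constructed example of the bug class, not wolfSSL's code and not the logic of MatchDomainName in src/internal.c: a simplified leftmost-wildcard matcher in which the loop that consumes the first label stops because the index reached the hostname length, and the code then reads one more byte to test for a label separator. The names `host_view`, `peek`, `match_buggy`, `match_fixed` and `view_of` are hypothetical, the matching semantics are simplified (a single leading `*` matches exactly one label), and the inputs in `main` are constructed. The hostname view records how many bytes were touched so the over-read shows up as a number rather than as undefined behaviour; the terminating NUL stands in for whatever would follow the real stack buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hostname view that records how many bytes have been touched, so an
 * over-read becomes an observable count instead of undefined behaviour.
 * view_of() uses the string's NUL terminator as a guard byte at index len,
 * which lets the instrumented buggy matcher run safely for demonstration. */
typedef struct {
    const char *buf;
    size_t len;     /* number of valid hostname bytes */
    size_t touched; /* one past the highest index read so far */
} host_view;

static char peek(host_view *h, size_t i)
{
    if (i + 1 > h->touched)
        h->touched = i + 1;
    return h->buf[i];
}

/* True when the matcher read at least one byte past the hostname. */
static bool over_read(const host_view *h)
{
    return h->touched > h->len;
}

/* Literal tail comparison shared by both matchers: pattern[p..] must equal
 * host[i..] exactly; the length check precedes every read. */
static bool tail_matches(const char *pattern, size_t p, host_view *h, size_t i)
{
    size_t plen = strlen(pattern);
    if (plen - p != h->len - i)
        return false;
    for (; p < plen; p++, i++)
        if (peek(h, i) != pattern[p])
            return false;
    return true;
}

/* Buggy variant (constructed illustration of CWE-126): after the wildcard
 * loop stops because i == len, it still reads host[i] to look for '.', which
 * is one byte past the hostname whenever the name contains no '.'. */
static bool match_buggy(const char *pattern, host_view *h)
{
    size_t i = 0, p = 0;
    if (pattern[0] == '*') {
        p = 1;
        while (i < h->len && peek(h, i) != '.')
            i++;
        /* BUG: no i < len check before this read */
        if (peek(h, i) != '.')
            return false;
    }
    return tail_matches(pattern, p, h, i);
}

/* Fixed variant: the bounds check comes before the read; a wildcard that
 * consumed the whole name has no separator to match and simply fails. */
static bool match_fixed(const char *pattern, host_view *h)
{
    size_t i = 0, p = 0;
    if (pattern[0] == '*') {
        p = 1;
        while (i < h->len && peek(h, i) != '.')
            i++;
        if (i >= h->len)
            return false;
        /* host[i] == '.' here by construction of the loop */
    }
    return tail_matches(pattern, p, h, i);
}

/* Builds a view over a NUL-terminated hostname; the NUL is the guard byte. */
static host_view view_of(const char *hostname)
{
    host_view h = { hostname, strlen(hostname), 0 };
    return h;
}

int main(void)
{
    const char *pattern = "*.example.com";
    /* constructed inputs: a normal match, a name the wildcard exhausts, an empty name */
    const char *names[] = { "www.example.com", "localhost", "" };
    for (size_t k = 0; k < sizeof names / sizeof names[0]; k++) {
        host_view hb = view_of(names[k]);
        host_view hf = view_of(names[k]);
        bool rb = match_buggy(pattern, &hb);
        bool rf = match_fixed(pattern, &hf);
        printf("%-16s buggy: match=%d over-read=%d   fixed: match=%d over-read=%d\n",
               names[k], rb, over_read(&hb), rf, over_read(&hf));
    }
    return 0;
}
```

Running it shows that both variants reject "localhost", but only the buggy one touches byte `len`; that is the whole difference the fix makes, and it is why the practical effect is a possible crash rather than a wrong validation result.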

Affected Systems

The vulnerability affects the wolfSSL cryptographic library, specifically the hostname validation code in src/internal.c. The advisory lists no affected version range, and the NVD CPE entry (cpe:2.3:a:wolfssl:wolfssl:*) is likewise unversioned, so treat every build that contains the described function and flag handling as affected until the vendor publishes a fixed release. Any deployment that links against such a build and performs wildcard hostname validation is at risk.

Risk and Exploitability

The CVSS v4.0 base score of 2.1 (AV:N/AC:L/AT:P/PR:L/UI:P, availability impact low) indicates low severity; note that NVD separately assigned a CVSS v3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N, availability impact low), so a scanner keyed on the v3.1 vector will rank this issue as medium. The EPSS probability is below 1%, the vulnerability is not in the KEV catalog, and the SSVC assessment records no known exploitation and a non-automatable vector, so the likelihood of widespread exploitation appears limited. Nevertheless, an attacker who can control or influence the hostname string validated by wolfSSL could trigger the over-read by supplying a name in which the leading wildcard consumes the entire string, so that no label separator follows, when the LEFT_MOST_WILDCARD_ONLY flag is enabled. Because a single-byte read past a stack buffer only faults when it lands on an unmapped page, a crash is possible rather than reliable, and the impact is service interruption rather than data theft; the risk is primarily operational.

Generated by OpenCVE AI on April 9, 2026 at 23:22 UTC.

Remediation

The advisory itself records no vendor fix or workaround; the recommended actions below reference the upstream pull request that addresses the issue.

OpenCVE Recommended Actions

  • Update wolfSSL to a version that includes the fix from pull request 10119 or the corresponding release.
  • If updating is not immediately possible, disable the LEFT_MOST_WILDCARD_ONLY flag where your build or configuration enables it. Note that the wildcard pattern being matched comes from the peer's certificate, not from the validating side, so "avoiding" such patterns is not a control you can apply locally; the flag is the only configuration lever named in the advisory.
  • Restart any services that load the affected wolfSSL library after applying the patch or configuration change.
  • Monitor application logs for crashes related to hostname validation to confirm the mitigation is effective.


Advisories

No advisories yet.

History

Wed, 29 Apr 2026 15:00:00 +0000

Type       Values Removed   Values Added
CPEs       (none)           cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Metrics    (none)           cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


Fri, 10 Apr 2026 15:15:00 +0000

Type       Values Removed   Values Added
Metrics    (none)           ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 09:00:00 +0000

Type                  Values Removed   Values Added
First Time appeared   (none)           Wolfssl; Wolfssl wolfssl
Vendors & Products    (none)           Wolfssl; Wolfssl wolfssl

Thu, 09 Apr 2026 22:00:00 +0000

Type          Values Removed   Values Added
Description   (none)           A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.
Title         (none)           MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
Weaknesses    (none)           CWE-126
References    (none)
Metrics       (none)           cvssV4_0 {'score': 2.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-04-10T13:52:58.722Z

Reserved: 2026-04-08T06:47:03.016Z

Link: CVE-2026-5772

Vulnrichment

Updated: 2026-04-10T13:52:55.628Z

NVD

Status : Analyzed

Published: 2026-04-09T22:16:36.937

Modified: 2026-04-29T14:52:45.697

Link: CVE-2026-5772

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:27:40Z

Weaknesses