Description
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.
Published: 2026-06-25
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a heap buffer overread in the wc_PKCS7_DecodeEnvelopedData function used by the wolfSSL library. When an attacker supplies crafted PKCS7 EnvelopedData, the function can read beyond the allocated buffer, potentially exposing data stored on the heap. This could lead to the corruption of sensitive information or local information exposure, though it does not provide code execution.

Affected Systems

The affected product is the wolfSSL library. Vendor: wolfSSL. No specific version range is provided in the advisory.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity. No EPSS score is available, so the likelihood of exploitation in the wild is unknown. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to supply a malicious PKCS7 message, typically via S/MIME or CMS, to trigger the overread. Once the function parses the data, the overread could reveal sensitive information, but no remote code execution is described.

Generated by OpenCVE AI on June 25, 2026 at 18:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the fix from the wolfSSL commit referenced in pull request 10128, which addresses the buffer overread in PKCS7 parsing.
  • If an update is not immediately possible, enforce strict input validation on PKCS7 messages before passing them to wc_PKCS7_DecodeEnvelopedData, ensuring the data size does not exceed expected limits.
  • For environments that do not require S/MIME or CMS processing, disable the corresponding wolfSSL features or remove wolfSSL from those components to reduce exposure.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 22:30:00 +0000

Type: First Time appeared
  Values Removed: none
  Values Added: Wolfssl; Wolfssl wolfssl

Type: Vendors & Products
  Values Removed: none
  Values Added: Wolfssl; Wolfssl wolfssl

Thu, 25 Jun 2026 18:30:00 +0000

Type: Metrics (ssvc)
  Values Removed: none
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 17:30:00 +0000

Type: Description
  Values Removed: none
  Values Added: Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

Type: Title
  Values Removed: none
  Values Added: Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData

Type: Weaknesses
  Values Removed: none
  Values Added: CWE-125

Type: References
  Values Removed: none
  Values Added: none listed

Type: Metrics (cvssV4_0)
  Values Removed: none
  Values Added: {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-06-25T17:59:41.485Z

Reserved: 2026-04-10T16:18:33.557Z

Link: CVE-2026-6094

Vulnrichment

Updated: 2026-06-25T17:59:37.857Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T22:15:04Z

Weaknesses