Description
PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS#12 structure using a length taken directly from the attacker-supplied input, without first verifying that it equals the length of the digest actually produced by the configured algorithm. A truncated or zero-length stored MAC could therefore be accepted, defeating the integrity protection of the MAC.
Published: 2026-06-25
Score: 6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PKCS#12 MAC verification in wolfSSL uses a comparison length supplied by the attacker, without first confirming that the length matches the expected digest size of the configured algorithm. When the MAC stored in the PKCS#12 structure is truncated or zero-length, the check still succeeds and the library accepts the data as authentic, defeating the integrity protection the MAC is meant to provide.
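The comparison bug described above, and the "manual MAC length validation" the recommended actions refer to, as an added illustration in C. This is not wolfSSL's code and not the change from pull request 10192; the HMAC is replaced by a non-cryptographic stand-in (toy_mac) so the example runs offline, and run_scenario, the constructed password and the constructed payload are assumptions made for the example. It shows a verifier that takes the compare length from the parsed MAC beside one that first requires the stored length to equal the digest size of the configured algorithm.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 32   /* digest size of the configured MAC algorithm, e.g. SHA-256 */

/* Stand-in for HMAC (FNV-1a based, NOT cryptographic): an assumed helper so the
 * example runs offline; the comparison logic below is what matters. */
static void toy_mac(const uint8_t *key, size_t key_len,
                    const uint8_t *msg, size_t msg_len,
                    uint8_t out[DIGEST_LEN])
{
    const uint64_t prime = 0x100000001b3ULL;
    uint64_t h = 0xcbf29ce484222325ULL;
    size_t i;
    for (i = 0; i < key_len; i++) { h ^= key[i]; h *= prime; }
    h ^= 0xffU; h *= prime;                       /* domain-separate key from message */
    for (i = 0; i < msg_len; i++) { h ^= msg[i]; h *= prime; }
    for (i = 0; i < DIGEST_LEN; i++) {            /* squeeze out DIGEST_LEN bytes */
        h ^= (uint64_t)i; h *= prime;
        out[i] = (uint8_t)(h >> 56);
    }
}

/* Vulnerable pattern from the advisory: the comparison length comes straight
 * from the parsed (attacker-controlled) MAC. A zero-length stored MAC makes
 * memcmp compare nothing and report a match; a truncated MAC only has to match
 * its own prefix; a longer one would over-read 'computed'. */
static int verify_mac_vulnerable(const uint8_t *computed, size_t computed_len,
                                 const uint8_t *stored, size_t stored_len)
{
    (void)computed_len;   /* never consulted: that is the bug */
    return memcmp(computed, stored, stored_len) == 0;
}

/* Hardened pattern: the stored MAC must be exactly the digest length of the
 * configured algorithm, and the compare runs in constant time. */
static int verify_mac_fixed(const uint8_t *computed, size_t computed_len,
                            const uint8_t *stored, size_t stored_len,
                            size_t expected_len)
{
    uint8_t diff = 0;
    size_t i;
    if (computed_len != expected_len || stored_len != expected_len)
        return 0;                                 /* length mismatch: reject */
    for (i = 0; i < expected_len; i++)
        diff |= computed[i] ^ stored[i];
    return diff == 0;
}

/* Builds a constructed container scenario and reports whether it is accepted.
 *   scenario 0: correct full-length MAC
 *   scenario 1: zero-length MAC
 *   scenario 2: MAC truncated to its first 4 bytes
 *   scenario 3: full-length MAC with the last byte flipped
 * use_fix selects the hardened verifier. Returns 1 = accepted, 0 = rejected,
 * -1 for an unknown scenario. */
int run_scenario(int scenario, int use_fix)
{
    static const uint8_t key[]  = "constructed-password";
    static const uint8_t data[] = "constructed PKCS#12 authSafe contents";
    uint8_t computed[DIGEST_LEN];
    uint8_t stored[DIGEST_LEN];
    size_t stored_len = DIGEST_LEN;

    toy_mac(key, sizeof key - 1, data, sizeof data - 1, computed);
    memcpy(stored, computed, DIGEST_LEN);         /* start from the genuine MAC */

    switch (scenario) {
    case 0: break;
    case 1: stored_len = 0; break;
    case 2: stored_len = 4; break;
    case 3: stored[DIGEST_LEN - 1] ^= 0x01; break;
    default: return -1;
    }
    return use_fix
        ? verify_mac_fixed(computed, DIGEST_LEN, stored, stored_len, DIGEST_LEN)
        : verify_mac_vulnerable(computed, DIGEST_LEN, stored, stored_len);
}

int main(void)
{
    static const char *names[] = { "full MAC", "empty MAC", "truncated MAC", "tampered MAC" };
    int s;
    for (s = 0; s < 4; s++)
        printf("%-14s vulnerable=%d fixed=%d\n", names[s],
               run_scenario(s, 0), run_scenario(s, 1));
    return 0;
}
```

Compiled and run, the program prints one line per scenario: the vulnerable verifier accepts the empty and truncated MACs as well as the genuine one, while the hardened verifier accepts only the genuine full-length MAC. The length check has to come before the byte comparison; a constant-time compare alone does not help when the attacker chooses how many bytes are compared.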

Affected Systems

wolfSSL libraries that implement PKCS#12 MAC verification. No specific versions are listed, so all releases that use the affected verification path are potentially impacted.

Risk and Exploitability

The CVSS score is 6, indicating medium severity. EPSS is not available, and the vulnerability is not listed in CISA KEV. The attack vector is not explicitly stated in the advisory, but the flaw suggests that any entity capable of providing a forged or truncated PKCS#12 file could bypass integrity checks. The omission of a proper length check could allow an attacker to inject malicious content that is believed to be authentic, which may compromise confidentiality, integrity, or availability of systems that rely on these containers.

Generated by OpenCVE AI on June 25, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade wolfSSL to a version that contains the fix from pull request 10192.
  • Rebuild and redeploy all applications that link against wolfSSL to ensure the new logic is in effect.
  • If an immediate upgrade is not possible, disable or refrain from using PKCS#12 functionality until a patch is available, and perform manual MAC length validation before accepting such files.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 21:30:00 +0000

Type: Description
  Values removed: (none)
  Values added: PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS#12 structure using a length taken directly from the attacker-supplied input, without first verifying that it equals the length of the digest actually produced by the configured algorithm. A truncated or zero-length stored MAC could therefore be accepted, defeating the integrity protection of the MAC.
Type: Title
  Values removed: (none)
  Values added: PKCS#12 MAC verification uses attacker-controlled comparison length
Type: Weaknesses
  Values removed: (none)
  Values added: CWE-347
Type: References
  Values removed: (none)
  Values added: (none listed)
Type: Metrics
  Values removed: (none)
  Values added: cvssV4_0, score 6, vector CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-06-25T21:02:45.860Z

Reserved: 2026-04-15T03:08:29.037Z

Link: CVE-2026-6329

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T22:30:15Z

Weaknesses
  • CWE-347: Improper Verification of Cryptographic Signature