Description
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.
Published: 2026-06-25
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap buffer overflow occurs in the DTLS 1.3 ACK serialization path of wolfSSL before a peer is authenticated. The overflow is caused by integer truncation when calculating the length of the ACK record‑number list, which results in an undersized buffer that an attacker can overrun. This memory corruption can lead to arbitrary code execution or denial of service on the target system.

Affected Systems

wolfSSL versions 5.9.0 and earlier that enable DTLS 1.3 are affected. All builds using these library versions, regardless of operating system or platform, are at risk.

Risk and Exploitability

The CVSS score of 8.8 classifies the vulnerability as high severity, and the EPSS score is not available, though the absence from the CISA KEV list does not reduce the risk. An unauthenticated attacker can remotely send crafted DTLS messages before authentication completes, triggering the overflow and potentially executing code or crashing the host.

Generated by OpenCVE AI on June 25, 2026 at 23:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade wolfSSL to version 5.9.1 or later, where the integer truncation issue is fixed.
  • If an upgrade is not immediately possible, disable DTLS 1.3 or restrict traffic to trusted hosts to block the vulnerable code path.
  • Apply any additional security patches or configuration recommendations provided by wolfSSL in the advisory linked in the references to further reduce exploitation risk.

Generated by OpenCVE AI on June 25, 2026 at 23:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Wolfssl
Wolfssl wolfssl
Vendors & Products Wolfssl
Wolfssl wolfssl

Thu, 25 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.
Title DTLS 1.3 ACK serialization heap buffer overflow via integer truncation
Weaknesses CWE-190
CWE-197
CWE-787
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Wolfssl Wolfssl
cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-06-25T20:13:06.190Z

Reserved: 2026-04-20T15:00:29.102Z

Link: CVE-2026-6679

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T01:15:04Z

Weaknesses