CVE-2026-3548

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out-of-bounds writes could be triggered. Note that this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.
References

Link : https://github.com/wolfSSL/wolfssl/pull/9628/
Resource : Issue Tracking, Patch

Link : https://github.com/wolfSSL/wolfssl/pull/9873/
Resource : Exploit, Issue Tracking, Patch
Configurations

Configuration 1

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

History

29 Apr 2026, 18:41

Type : Summary
Values Added : (es) Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when incorrectly storing the CRL number as a hexadecimal string, and a stack-based overflow for CRL numbers of sufficient size. With appropriately crafted CRLs, either of these out-of-bounds writes could be triggered. Note that this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.

Type : CPE
Values Added : cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

Type : References
Values Removed : https://github.com/wolfSSL/wolfssl/pull/9628/
Values Added : https://github.com/wolfSSL/wolfssl/pull/9628/ - Issue Tracking, Patch

Type : References
Values Removed : https://github.com/wolfSSL/wolfssl/pull/9873/
Values Added : https://github.com/wolfSSL/wolfssl/pull/9873/ - Exploit, Issue Tracking, Patch

Type : CVSS
Values Removed : v2 : unknown, v3 : unknown
Values Added : v2 : unknown, v3 : 9.8

Type : First Time
Values Added : Wolfssl; Wolfssl wolfssl

19 Mar 2026, 18:16

Type : New CVE

Information

Published : 2026-03-19 18:16

Updated : 2026-04-29 18:41


NVD link : CVE-2026-3548

Mitre link : CVE-2026-3548

CVE.ORG link : CVE-2026-3548


Products Affected

wolfssl

  • wolfssl
CWE

CWE-122 : Heap-based Buffer Overflow

CWE-787 : Out-of-bounds Write