CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/wolfSSL/wolfssl/pull/9945	Issue Tracking Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

History

29 Apr 2026, 17:27

Type	Values Removed	Values Added
CPE		cpe:2.3:a:wolfssl:wolfssl::::::::
References	~~() https://github.com/wolfSSL/wolfssl/pull/9945 -~~	() https://github.com/wolfSSL/wolfssl/pull/9945 - Issue Tracking, Patch
First Time		Wolfssl Wolfssl wolfssl
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.3
Summary		(es) Lectura de montón fuera de límites (OOB) de 1 byte en wc_PKCS7_DecodeEnvelopedData a través de contenido cifrado de longitud cero. Existía una vulnerabilidad en wolfSSL 5.8.4 y anteriores, donde una lectura de montón fuera de límites de 1 byte en wc_PKCS7_DecodeEnvelopedData podría ser activada por un mensaje CMS EnvelopedData manipulado con contenido cifrado de longitud cero. Tenga en cuenta que el soporte de PKCS7 está deshabilitado por defecto.

19 Mar 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-19 22:16

Updated : 2026-04-29 17:27

NVD link : CVE-2026-4159

Mitre link : CVE-2026-4159

CVE.ORG link : CVE-2026-4159

JSON object : View

Products Affected

wolfssl

wolfssl

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2026-4159", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "facts@wolfssl.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 1.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-19T22:16:42.993", "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9945", "tags": ["Issue Tracking", "Patch"], "source": "facts@wolfssl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "facts@wolfssl.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default."}, {"lang": "es", "value": "Lectura de mont\u00f3n fuera de l\u00edmites (OOB) de 1 byte en wc_PKCS7_DecodeEnvelopedData a trav\u00e9s de contenido cifrado de longitud cero. Exist\u00eda una vulnerabilidad en wolfSSL 5.8.4 y anteriores, donde una lectura de mont\u00f3n fuera de l\u00edmites de 1 byte en wc_PKCS7_DecodeEnvelopedData podr\u00eda ser activada por un mensaje CMS EnvelopedData manipulado con contenido cifrado de longitud cero. Tenga en cuenta que el soporte de PKCS7 est\u00e1 deshabilitado por defecto."}], "lastModified": "2026-04-29T17:27:15.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA3FA1CB-CEDC-4D49-9ECD-99BBF1602312", "versionEndExcluding": "5.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "facts@wolfssl.com"}