CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.
Configurations

Configuration 1

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

History

27 Jun 2026, 20:26

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
References | () https://github.com/wolfSSL/wolfssl/pull/10116 - | () https://github.com/wolfSSL/wolfssl/pull/10116 - Issue Tracking, Patch
References | () https://www.wolfssl.com/docs/security-vulnerabilities/ - | () https://www.wolfssl.com/docs/security-vulnerabilities/ - Vendor Advisory
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.5
First Time | | Wolfssl wolfssl; Wolfssl

25 Jun 2026, 21:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-06-25 21:16

Updated : 2026-06-27 20:26


NVD link : CVE-2026-6679

Mitre link : CVE-2026-6679

CVE.ORG link : CVE-2026-6679


Products Affected

wolfssl

  • wolfssl
CWE
CWE-190

Integer Overflow or Wraparound

CWE-197

Numeric Truncation Error

CWE-787

Out-of-bounds Write