CVE-2026-6681

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

Configurations

Configuration 1

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

History

27 Jun 2026, 20:02

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 5.3
First Time | | Wolfssl wolfssl; Wolfssl
References | () https://github.com/wolfSSL/wolfssl/pull/10116 - | () https://github.com/wolfSSL/wolfssl/pull/10116 - Issue Tracking, Patch
References | () https://www.wolfssl.com/docs/security-vulnerabilities/ - | () https://www.wolfssl.com/docs/security-vulnerabilities/ - Vendor Advisory

25 Jun 2026, 21:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-06-25 21:16

Updated : 2026-06-27 20:02


NVD link : CVE-2026-6681

Mitre link : CVE-2026-6681

CVE.ORG link : CVE-2026-6681


Products Affected

wolfssl

  • wolfssl

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-787

Out-of-bounds Write