CVE-2026-5772

Summary

A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.

Affected Software

VendorProductVersion RangeStatus
wolfSSLwolfSSL0 <= 5.9.0affected

Weaknesses

  • CWE-126: CWE-126 Buffer over-read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References