CVE-2026-6681

Summary

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

Affected Software

VendorProductVersion RangeStatus
wolfSSLwolfSSL3.10.0 <= 5.9.0affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write
  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References