Description

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSL_SMALL_STACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wc_PKCS7_EncodeSignedData() or related signing functions.

INFO

Published Date :

2026-03-19T16:54:33.442Z

Last Modified :

2026-03-19T17:19:37.134Z

Source :

wolfSSL
AFFECTED PRODUCTS

The following products are affected by CVE-2026-0819 vulnerability.

Vendors Products
Wolfssl
  • Wolfssl
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-0819.

URL Resource
https://github.com/wolfSSL/wolfssl/pull/9630 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability