CVE-2026-4159

wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read

Description

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.

INFO

Published Date :

2026-03-19T21:17:46.357Z

Last Modified :

2026-03-20T16:29:05.925Z

Source :

wolfSSL

AFFECTED PRODUCTS

The following products are affected by CVE-2026-4159 vulnerability.

Vendors	Products
Wolfssl	Wolfssl

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-4159.

URL	Resource
https://github.com/wolfSSL/wolfssl/pull/9945

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability