Description

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.

INFO

Published Date :

2026-03-19T20:41:55.642Z

Last Modified :

2026-03-20T17:09:33.816Z

Source :

wolfSSL
AFFECTED PRODUCTS

The following products are affected by CVE-2026-4395 vulnerability.

Vendors Products
Wolfssl
  • Wolfssl
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-4395.

URL Resource
https://github.com/wolfSSL/wolfssl/pull/9988 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability