Description

A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo (ORI) recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer (oriOID[MAX_OID_SZ]) via XMEMCPY without first validating that the parsed OID length does not exceed MAX_OID_SZ. A crafted CMS EnvelopedData message with an ORI recipient containing an OID longer than 32 bytes triggers a stack buffer overflow. Exploitation requires the library to be built with --enable-pkcs7 (disabled by default) and the application to have registered an ORI decrypt callback via wc_PKCS7_SetOriDecryptCb().

INFO

Published Date :

2026-04-09T22:53:10.635Z

Last Modified :

2026-04-09T22:53:10.635Z

Source :

wolfSSL
AFFECTED PRODUCTS

The following products are affected by CVE-2026-5295 vulnerability.

Vendors Products
Wolfssl
  • Wolfssl
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5295.

URL Resource
https://github.com/wolfSSL/wolfssl/pull/10116 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability