CVE-2026-5772

MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation

Description

A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.

INFO

Published Date :

2026-04-09T21:50:04.038Z

Last Modified :

2026-04-10T13:52:58.722Z

Source :

wolfSSL

AFFECTED PRODUCTS

The following products are affected by CVE-2026-5772 vulnerability.

Vendors	Products
Wolfssl	Wolfssl

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5772.

URL	Resource
https://github.com/wolfSSL/wolfssl/pull/10119

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability