1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore_CVE-2026-5448

2.3 / 10

LOW

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Green

Description

X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL.

Basic Information

ID CVE-2026-5448

Source wolfSSL

Published Apr 9, 2026 at 23:18

Modified Apr 10, 2026 at 13:51

Affected Product

Vendor wolfSSL

Product wolfSSL

Affected Versions wolfSSL wolfSSL 0

CWE Classification

CWE-122

References

github.com /wolfSSL/wolfssl/pull/10071

{
    "lastseen": "",
    "description": "X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL.",
    "published": "2026-04-09T23:18:15.780Z",
    "modified": "2026-04-10T13:51:56.742Z",
    "type": "cve",
    "title": "1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore",
    "source": "wolfSSL",
    "references": "https://github.com/wolfSSL/wolfssl/pull/10071",
    "id": "CVE-2026-5448",
    "bulletinFamily": "",
    "cwe": [
        "CWE-122"
    ],
    "cvelist": null,
    "sourceData": "wolfSSL wolfSSL 0",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Green",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "wolfSSL",
    "version": "0",
    "vendor": "wolfSSL",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}