PKCS#7 decode ignores caller output buffer size, writing past buffer...

1 / 10

LOW

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear

Description

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

Basic Information

ID CVE-2026-6681

Source wolfSSL

Published Jun 25, 2026 at 20:11

Affected Product

Vendor wolfSSL

Product wolfSSL

Version 3.10.0

Affected Versions wolfSSL wolfSSL 3.10.0

CWE Classification

CWE-787 CWE-120

References

{
    "lastseen": "",
    "description": "The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.",
    "published": "2026-06-25T20:11:39.446Z",
    "modified": "2026-06-25T20:11:39.446Z",
    "type": "cve",
    "title": "PKCS#7 decode ignores caller output buffer size, writing past buffer bounds",
    "source": "wolfSSL",
    "references": "https://github.com/wolfSSL/wolfssl/pull/10116\nhttps://www.wolfssl.com/docs/security-vulnerabilities/",
    "id": "CVE-2026-6681",
    "bulletinFamily": "",
    "cwe": [
        "CWE-787",
        "CWE-120"
    ],
    "cvelist": null,
    "sourceData": "wolfSSL wolfSSL 3.10.0",
    "sourceHref": "",
    "cvss": {
        "score": 1,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "wolfSSL",
    "version": "3.10.0",
    "vendor": "wolfSSL",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

PKCS#7 decode ignores caller output buffer size, writing past buffer bounds_CVE-2026-6681