← Zuruck zu CVEs
CVE-2026-5503
N/ABeschreibung
In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocation boundary.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht4/9/2026
Zuletzt geandert4/13/2026
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-787
Referenzen
https://github.com/wolfSSL/wolfssl/pull/10102(facts@wolfssl.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.