CVE Catalog

CVE-2026-6679

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

30th percentile — higher than 30% of all known CVEs

Summary

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun.

Risk Assessment

An unauthenticated remote attacker could exploit this vulnerability to cause a denial of service or potentially execute arbitrary code in the context of the process using wolfSSL.

Recommendation

Upgrade wolfSSL to version 5.9.1 or later, which contains the fix for this vulnerability.

Original NVD description (English source)

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS