CVE-2026-3547
Out-of-Bounds Read in wolfSSL ALPN Causes Denial of Service
Publication date: 2026-03-19
Last updated on: 2026-03-26
Assigner: wolfSSL Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | < 5.9.0 (5.9.0 itself is not affected) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Upgrade wolfSSL to 5.9.0 or later; the fix corrects the loop boundary condition in the ALPN parsing code.
If you cannot upgrade immediately, rebuild without ALPN. ALPN is off by default, but it is switched on by --enable-alpn and by the integration options this advisory lists: --enable-apachehttpd, --enable-bind, --enable-curl, --enable-haproxy, --enable-hitch, --enable-lighty, --enable-jni, --enable-nginx and --enable-quic. Keep in mind that HTTP/2 and QUIC negotiate the application protocol through ALPN, so removing it is not a workable option for most of those deployments; treat it as a stopgap and upgrade.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The bug is reached through a crafted ALPN protocol list in a TLS handshake, so the host-side symptom is a crash of the process that links a wolfSSL built with ALPN enabled.
Before hunting for symptoms, establish exposure. Check which wolfSSL the binary actually links (ldd <binary> | grep wolfssl for a dynamic build; a statically linked wolfSSL will not show there), then read LIBWOLFSSL_VERSION_STRING from the matching wolfssl/version.h or call wolfSSL_lib_version() from the application, and confirm whether ALPN was compiled in by looking for HAVE_ALPN in the installed wolfssl/options.h. Anything below 5.9.0 built with HAVE_ALPN is in scope.
On the network, the ALPN extension (extension type 16) travels in the clear in the ClientHello, so captured handshakes can be checked for lists whose encoded lengths do not agree with the extension body. The advisory does not publish a signature or specific detection commands beyond that.
Can you explain this vulnerability to me?
This is an out-of-bounds read (CWE-125) in the ALPN (Application-Layer Protocol Negotiation) parsing code of wolfSSL 5.8.4 and earlier, reachable only in builds with ALPN enabled. The ALPN protocol list is a length-prefixed sequence of length-prefixed names; its validation was incomplete, so a crafted list could make the parser read past the data it was actually given.
Specifically, an incorrect loop boundary condition in the code that walks the list let the loop continue beyond the end of the received data. Because the defect is a read rather than a write, the documented impact is a process crash (denial of service).
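As an added illustration written for this page (not wolfSSL's code, and not a reproduction of the actual defect), the C below puts a strict ALPN list validator beside a sloppy one whose loop bound is taken from the attacker-controlled list length and which trusts each name length. The sloppy variant reports the highest index it would have read instead of dereferencing it, so the overshoot can be observed without undefined behaviour. The strict check is also the test a capture-side detector for malformed ALPN lists would apply to the extension bytes. The sample byte strings are constructed, not captured traffic.

```c
/* Added illustration: strict ALPN list validation next to a sloppy parser
 * that shows how a bad loop bound becomes an out-of-bounds read.
 * Hypothetical code for this page; it is not wolfSSL's parser. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ALPN extension body (RFC 7301):
 *   uint16 list_len, then { uint8 name_len; uint8 name[name_len] } ...
 * Returns the number of protocol names, or -1 if the encoding is malformed. */
int alpn_count_strict(const uint8_t *ext, size_t ext_len)
{
    size_t list_len, idx = 2;
    int count = 0;

    if (ext_len < 2)
        return -1;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len == 0 || list_len != ext_len - 2)
        return -1;                          /* length field must match the body */
    while (idx < ext_len) {
        size_t name_len = ext[idx];
        if (name_len == 0)
            return -1;                      /* empty names are not allowed */
        if (name_len > ext_len - idx - 1)
            return -1;                      /* name would run past the buffer */
        idx += 1 + name_len;
        count++;
    }
    return count;
}

/* Sloppy variant: the loop bound comes from the attacker-controlled list_len
 * and every name_len is trusted. To avoid undefined behaviour it never reads
 * past ext_len; it reports the highest index it *would* have read. */
size_t alpn_sloppy_max_index(const uint8_t *ext, size_t ext_len)
{
    size_t list_len, idx = 2, max_idx = 0;

    if (ext_len < 2)
        return 0;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    while (idx < 2 + list_len) {                         /* bound from untrusted field */
        size_t name_len = (idx < ext_len) ? ext[idx] : 0; /* a real parser reads ext[idx] */
        max_idx = idx + name_len;                         /* last byte of this name */
        idx += 1 + name_len;
    }
    return max_idx;
}

/* 1 if the sloppy parser would touch memory beyond the buffer. */
int alpn_sloppy_overreads(const uint8_t *ext, size_t ext_len)
{
    return alpn_sloppy_max_index(ext, ext_len) >= ext_len;
}

/* Constructed samples (not captured traffic). */
static const uint8_t good[] = {0x00, 0x0c, 0x02, 'h', '2',
                               0x08, 'h', 't', 't', 'p', '/', '1', '.', '1'};
/* name_len claims 9 bytes but only 3 follow */
static const uint8_t bad_name[] = {0x00, 0x04, 0x09, 'h', '2', 'x'};
/* list_len claims 32 bytes but the body is 3 bytes */
static const uint8_t bad_list[] = {0x00, 0x20, 0x02, 'h', '2'};

int main(void)
{
    printf("good:     names=%d overread=%d\n",
           alpn_count_strict(good, sizeof good), alpn_sloppy_overreads(good, sizeof good));
    printf("bad_name: names=%d overread=%d\n",
           alpn_count_strict(bad_name, sizeof bad_name), alpn_sloppy_overreads(bad_name, sizeof bad_name));
    printf("bad_list: names=%d overread=%d\n",
           alpn_count_strict(bad_list, sizeof bad_list), alpn_sloppy_overreads(bad_list, sizeof bad_list));
    return 0;
}
```

The two malformed inputs exercise the two ways a length-prefixed list can lie: an inner name length that exceeds what remains, and an outer list length that exceeds the extension body. The strict parser rejects both up front by checking every length against the bytes actually present; the sloppy one walks off the end in both cases.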
How can this vulnerability impact me?
The documented impact is denial of service: a crafted ALPN list makes the process that links wolfSSL crash on the out-of-bounds read. The ALPN extension is parsed during the handshake, so the sender does not need to authenticate to reach the affected code.
ALPN is disabled by default, so only builds that enable it are exposed; that includes builds using the integration options for Apache HTTPD, BIND, curl, HAProxy, Hitch, lighttpd (enable-lighty), JNI, nginx and QUIC.