CVE-2026-3849
Stack Buffer Overflow in wolfSSL ECH Enables Remote Exploitation
Publication date: 2026-03-19
Last updated on: 2026-03-26
Assigner: wolfSSL Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | From 5.6.0 (inc) to 5.9.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3849 is a stack buffer overflow vulnerability in the wolfSSL library's implementation of Encrypted Client Hello (ECH) support, specifically in the wc_HpkeLabeledExtract function when processing an oversized ECH configuration.
This vulnerability occurs because a maliciously crafted ECH config sent by a TLS server can cause a stack buffer overflow on the client side.
Exploitation of this flaw could lead to remote code execution or cause the client program to crash.
ECH is an optional TLS 1.3 extension that encrypts the Client Hello message to improve privacy, and it is off by default in wolfSSL, only enabled with the enable-ech option.
How can this vulnerability impact me? :
If exploited, this vulnerability can cause a client using wolfSSL with ECH enabled to crash or potentially allow a remote attacker (a malicious TLS server) to execute arbitrary code on the client system.
This could lead to denial of service or compromise of the client device's security and integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'The vulnerability in wolfSSL 5.8.4 involves a stack buffer overflow triggered by a maliciously crafted ECH config from a TLS server. Detection would involve monitoring TLS client connections for the use of ECH (Encrypted Client Hello) since ECH is off by default and only enabled with enable-ech.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is triggered by a malicious TLS server sending an oversized or malformed ECH config, detection could include capturing and analyzing TLS handshake messages to identify suspicious or malformed ECH configurations.'}, {'type': 'paragraph', 'content': 'Specific commands are not provided in the available resources, but general approaches could include using network packet capture tools like tcpdump or Wireshark to filter for TLS ClientHello and ServerHello messages with ECH extensions, then analyzing the size and contents of the ECH config.'}, {'type': 'paragraph', 'content': "For example, a tcpdump command to capture TLS handshakes might be: tcpdump -i <interface> -w capture.pcap 'tcp port 443 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'"}, {'type': 'paragraph', 'content': "Then, using Wireshark, you can filter for 'tls.handshake.extension.type == 0x0029' (the ECH extension) and inspect the ECH config sizes and contents for anomalies."}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling ECH support in wolfSSL clients until a fixed version is applied, since ECH is off by default and only enabled with enable-ech.
Upgrading wolfSSL to version 5.9.0 or later, which includes the fixes for this vulnerability as detailed in the pull request, is the recommended action.
Additionally, avoid connecting to untrusted or suspicious TLS servers that might send malicious ECH configurations.