Executive Summary

CVE-2026-3849 is a stack buffer overflow vulnerability in the wolfSSL library's implementation of Encrypted Client Hello (ECH) support, specifically in the wc_HpkeLabeledExtract function when processing an oversized ECH configuration.

This vulnerability occurs because a maliciously crafted ECH config sent by a TLS server can cause a stack buffer overflow on the client side.

Exploitation of this flaw could lead to remote code execution or cause the client program to crash.

ECH is an optional TLS 1.3 extension that encrypts the Client Hello message to improve privacy, and it is off by default in wolfSSL, only enabled with the enable-ech option.

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability can cause a client using wolfSSL with ECH enabled to crash or potentially allow a remote attacker (a malicious TLS server) to execute arbitrary code on the client system.

This could lead to denial of service or compromise of the client device's security and integrity.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'The vulnerability in wolfSSL 5.8.4 involves a stack buffer overflow triggered by a maliciously crafted ECH config from a TLS server. Detection would involve monitoring TLS client connections for the use of ECH (Encrypted Client Hello) since ECH is off by default and only enabled with enable-ech.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is triggered by a malicious TLS server sending an oversized or malformed ECH config, detection could include capturing and analyzing TLS handshake messages to identify suspicious or malformed ECH configurations.'}, {'type': 'paragraph', 'content': 'Specific commands are not provided in the available resources, but general approaches could include using network packet capture tools like tcpdump or Wireshark to filter for TLS ClientHello and ServerHello messages with ECH extensions, then analyzing the size and contents of the ECH config.'}, {'type': 'paragraph', 'content': "For example, a tcpdump command to capture TLS handshakes might be: tcpdump -i <interface> -w capture.pcap 'tcp port 443 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'"}, {'type': 'paragraph', 'content': "Then, using Wireshark, you can filter for 'tls.handshake.extension.type == 0x0029' (the ECH extension) and inspect the ECH config sizes and contents for anomalies."}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include disabling ECH support in wolfSSL clients until a fixed version is applied, since ECH is off by default and only enabled with enable-ech.

Upgrading wolfSSL to version 5.9.0 or later, which includes the fixes for this vulnerability as detailed in the pull request, is the recommended action.

Additionally, avoid connecting to untrusted or suspicious TLS servers that might send malicious ECH configurations.

Useful 0 Not Useful 0