CVE-2026-5187
Heap Out-of-Bounds Write in wolfcrypt ASN.1 Decoder
Publication date: 2026-04-09
Last updated on: 2026-04-16
Assigner: wolfSSL Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | up to and including 5.9.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves two potential heap out-of-bounds write issues in the DecodeObjectId() function within the wolfcrypt library's asn.c source file.
First, the function's bounds check only verifies that one output slot is available before it writes two Object Identifier (OID) arc values (out[0] and out[1]). When the output size (outSz) equals 1, this allows a 2-byte out-of-bounds write.
Second, multiple callers incorrectly pass the size in bytes of the decOid structure (64 bytes on 64-bit platforms) instead of the element count MAX_OID_SZ (32). This causes the function to accept crafted OIDs with 33 or more arcs, which results in writes past the end of the allocated buffer.
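As an added illustration (not wolfSSL's code and not part of this record), a hypothetical OID arc decoder in C whose checks correspond to the two defects just described: it requires two free slots before writing the arcs derived from the first octet, and its callers size the output in elements rather than bytes. MAX_OID_SZ, the function names and the sample OIDs are assumptions.

```c
/* Hypothetical OID arc decoder illustrating the defect class described above; NOT
 * wolfSSL's DecodeObjectId(). MAX_OID_SZ and all names here are assumptions. */
#include <stddef.h>
#include <stdint.h>
#define MAX_OID_SZ 32                 /* element count (assumed), not a sizeof() */

/* Decode DER OID content octets into arcs; outSz is a capacity in ELEMENTS (never
 * bytes) on entry and the arcs written on success. Returns 0, or -1 on failure. */
int decode_oid_arcs(const uint8_t *in, size_t inSz, uint32_t *out, size_t *outSz)
{
    size_t idx, n = 0, start; uint32_t val;
    if (in == NULL || out == NULL || outSz == NULL || inSz == 0)
        return -1;
    /* The first octet yields TWO arcs (40*x + y), so two free slots are needed;
     * checking for only one slot is the first defect the advisory describes. */
    if (*outSz < 2)
        return -1;
    out[n++] = in[0] / 40;            /* simplified: ignores the x==2, y>=40 case */
    out[n++] = in[0] % 40;
    for (idx = 1; idx < inSz; ) {
        val = 0; start = idx;
        do {                          /* base-128, big-endian, 0x80 = continue */
            if (idx >= inSz || idx - start >= 5 || val > (UINT32_MAX >> 7))
                return -1;            /* truncated, overlong, or arc > 32 bits */
            val = (val << 7) | (in[idx] & 0x7F);
        } while (in[idx++] & 0x80);
        if (n >= *outSz)              /* element-count check before every write */
            return -1;
        out[n++] = val;
    }
    *outSz = n;
    return 0;
}

/* Constructed input 1.2.840.113549 (rsadsi); returns the arc count, -1 on error.
 * Capacity is an element count: passing sizeof(arcs), a byte count, is the second
 * defect the advisory describes and would overstate the capacity fourfold here. */
int demo_rsadsi_arc_count(void)
{
    static const uint8_t der[] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D};
    uint32_t arcs[MAX_OID_SZ]; size_t n = sizeof arcs / sizeof arcs[0];
    if (decode_oid_arcs(der, sizeof der, arcs, &n) != 0) return -1;
    return (arcs[0]==1 && arcs[1]==2 && arcs[2]==840 && arcs[3]==113549) ? (int)n : -1;
}

/* Two undersized-output cases that must be refused: capacity 1 (the first octet
 * alone needs 2 slots) and a constructed 33-arc OID (0x2A then 31 zero octets)
 * against a 32-element buffer. Returns 1 if both are refused, 0 otherwise. */
int demo_undersized_outputs_refused(void)
{
    uint8_t der[32] = {0x2A}; uint32_t arcs[MAX_OID_SZ];
    size_t one = 1, full = MAX_OID_SZ;
    return decode_oid_arcs(der, 1, arcs, &one) == -1 && decode_oid_arcs(der, sizeof der, arcs, &full) == -1;
}
```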
How can this vulnerability impact me?
The vulnerability can lead to heap out-of-bounds writes, which may cause memory corruption.
Such memory corruption can potentially be exploited to cause crashes, unexpected behavior, or in some cases, arbitrary code execution depending on the context in which the vulnerable function is used.
Because the CVSS base score is 2.3, the impact is rated low, but it may still pose a risk in environments where the wolfcrypt library processes untrusted input.