CVE-2026-5187
Received Received - Intake
Heap Out-of-Bounds Write in wolfcrypt ASN.1 Decoder

Publication date: 2026-04-09

Last updated on: 2026-04-16

Assigner: wolfSSL Inc.

Description
Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass sizeof(decOid) (64 bytes on 64-bit platforms) instead of the element count MAX_OID_SZ (32), causing the function to accept crafted OIDs with 33 or more arcs that write past the end of the allocated buffer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-04-09
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5187
EUVD
EUVD-2026-21068
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl to 5.9.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves two potential heap out-of-bounds write issues in the DecodeObjectId() function within the wolfcrypt library's asn.c source file.

First, the function performs a bounds check that only validates one available slot before writing two Object Identifier (OID) arc values (out[0] and out[1]). This allows a 2-byte out-of-bounds write when the output size (outSz) equals 1.

Second, multiple callers incorrectly pass the size in bytes of the decOid structure (64 bytes on 64-bit platforms) instead of the element count MAX_OID_SZ (32). This causes the function to accept crafted OIDs with 33 or more arcs, which results in writes past the end of the allocated buffer.

Impact Analysis

The vulnerability can lead to heap out-of-bounds writes, which may cause memory corruption.

Such memory corruption can potentially be exploited to cause crashes, unexpected behavior, or in some cases, arbitrary code execution depending on the context in which the vulnerable function is used.

Because the CVSS base score is 2.3, the impact is considered low but still may pose a risk in environments where the wolfcrypt library processes untrusted input.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5187. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart