CVE-2026-5503
Buffer Overflow in wolfSSL TLSX_EchChangeSNI Causes Memory Corruption
Publication date: 2026-04-09
Last updated on: 2026-04-27
Assigner: wolfSSL Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | to 5.9.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the TLSX_EchChangeSNI function where extensions are set unconditionally even if a lookup function (TLSX_Find) returns NULL. As a result, the TLSX_UseSNI function attaches an attacker-controlled publicName to a shared context (WOLFSSL_CTX) when no inner Server Name Indication (SNI) is configured. The cleanup function TLSX_EchRestoreSNI fails to remove this because it only removes the data if a certain condition (serverNameX != NULL) is met. This leads to a situation where the inner ClientHello message is sized before this 'pollution' but written after it, causing a buffer overflow where 255 bytes are copied beyond the allocated memory boundary.
How can this vulnerability impact me? :
This vulnerability can lead to a buffer overflow condition, which may allow an attacker to corrupt memory. Such memory corruption can cause crashes, denial of service, or potentially enable remote code execution depending on the context in which the vulnerable code is used.