CVE-2026-5772
Stack Buffer Over-read in wolfSSL MatchDomainName Causes Crash
Publication date: 2026-04-09
Last updated on: 2026-04-29
Assigner: wolfSSL Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | to 5.9.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a 1-byte stack buffer over-read found in the MatchDomainName function within the source code file src/internal.c. It occurs during the validation of wildcard hostnames when the LEFT_MOST_WILDCARD_ONLY flag is enabled. Specifically, if a wildcard character (*) matches the entire hostname string, the function reads one byte beyond the allocated buffer without checking boundaries, which can lead to a program crash.
How can this vulnerability impact me? :
The primary impact of this vulnerability is that it can cause the affected software to crash due to reading memory beyond the intended buffer. This could lead to denial of service if the software is critical to operations. There is no indication from the provided information that this vulnerability allows for code execution or data leakage.