CVE-2026-5772
Received Received - Intake

Stack Buffer Over-read in wolfSSL MatchDomainName Causes Crash

Vulnerability report for CVE-2026-5772, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-09

Last updated on: 2026-04-29

Assigner: wolfSSL Inc.

Description

A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-09
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2026-04-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl to 5.9.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a 1-byte stack buffer over-read found in the MatchDomainName function within the source code file src/internal.c. It occurs during the validation of wildcard hostnames when the LEFT_MOST_WILDCARD_ONLY flag is enabled. Specifically, if a wildcard character (*) matches the entire hostname string, the function reads one byte beyond the allocated buffer without checking boundaries, which can lead to a program crash.

Impact Analysis

The primary impact of this vulnerability is that it can cause the affected software to crash due to reading memory beyond the intended buffer. This could lead to denial of service if the software is critical to operations. There is no indication from the provided information that this vulnerability allows for code execution or data leakage.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5772. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart