CVE-2026-5772
Received Received - Intake
Stack Buffer Over-read in wolfSSL MatchDomainName Causes Crash

Publication date: 2026-04-09

Last updated on: 2026-04-29

Assigner: wolfSSL Inc.

Description
A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-14
NVD
CVE-2026-5772
EUVD
EUVD-2026-21218
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl to 5.9.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a 1-byte stack buffer over-read found in the MatchDomainName function within the source code file src/internal.c. It occurs during the validation of wildcard hostnames when the LEFT_MOST_WILDCARD_ONLY flag is enabled. Specifically, if a wildcard character (*) matches the entire hostname string, the function reads one byte beyond the allocated buffer without checking boundaries, which can lead to a program crash.

Impact Analysis

The primary impact of this vulnerability is that it can cause the affected software to crash due to reading memory beyond the intended buffer. This could lead to denial of service if the software is critical to operations. There is no indication from the provided information that this vulnerability allows for code execution or data leakage.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5772. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart