CVE-2026-5778
Integer Underflow in wolfSSL Packet Sniffer Causes Remote Crash
Publication date: 2026-04-09
Last updated on: 2026-04-29
Assigner: wolfSSL Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | up to 5.9.1 (excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer underflow in the wolfSSL packet sniffer, affecting version 5.9.0 and earlier. It occurs in the AEAD decryption path when a TLS record shorter than the explicit IV plus the authentication tag is injected into traffic inspected by the ssl_DecodePacket function. Subtracting the IV and tag sizes from the record length underflows a 16-bit length value, which wraps around to a large number that is then passed to the AEAD decryption routines. The result is a large out-of-bounds read that crashes the program.
An unauthenticated attacker can trigger this vulnerability remotely by sending malformed TLS Application Data records.
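The length arithmetic described above, as a constructed illustration that is not wolfSSL's code: an unchecked 16-bit subtraction wraps for a record shorter than IV plus tag, while a minimum-length check rejects the record before any decryption is attempted. The IV and tag sizes (8 and 16 bytes, as in TLS 1.2 AES-GCM), the function names and the sample lengths are all assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed parameters modelled on TLS 1.2 AES-GCM: 8-byte explicit IV and
 * 16-byte authentication tag. Names and structure are illustrative only. */
#define EXPLICIT_IV_LEN 8
#define AUTH_TAG_LEN    16

/* Vulnerable pattern (CWE-191): the ciphertext length is derived by an
 * unchecked subtraction stored in a 16-bit variable. For a record shorter
 * than IV + tag the result wraps to a value near 65535, which a caller
 * would then treat as the number of bytes to decrypt and read. */
uint16_t ciphertext_len_unchecked(uint16_t record_len)
{
    uint16_t ct_len = record_len - EXPLICIT_IV_LEN - AUTH_TAG_LEN;
    return ct_len;
}

/* Hardened pattern: verify the record can hold IV + tag before subtracting.
 * Returns the ciphertext length, or -1 if the record is too short. */
int ciphertext_len_checked(uint16_t record_len)
{
    if (record_len < EXPLICIT_IV_LEN + AUTH_TAG_LEN) {
        return -1;   /* undersized record: reject instead of wrapping */
    }
    return record_len - EXPLICIT_IV_LEN - AUTH_TAG_LEN;
}

int main(void)
{
    /* Constructed record lengths: one normal record, one undersized record. */
    uint16_t lens[] = { 100, 20 };
    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        int checked = ciphertext_len_checked(lens[i]);
        printf("record_len=%u unchecked=%u checked=%d\n",
               lens[i], ciphertext_len_unchecked(lens[i]), checked);
    }
    return 0;
}
```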
How can this vulnerability impact me?
This vulnerability can crash the affected wolfSSL packet sniffer during AEAD decryption. Because the crash is caused by a large out-of-bounds read resulting from the integer underflow, it can lead to a denial of service.
Since an attacker can trigger it remotely and without authentication by sending malformed TLS records, it poses a risk of service disruption.