Cyber Posture

CVE-2026-4395

Critical

Published: 19 March 2026

Modified: 26 March 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.3th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly requires identifying, reporting, testing, and deploying patches to remediate the heap-based buffer overflow in wolfSSL's KCAPI ECC code path as addressed by the provided GitHub pull request.

prevent

Implements runtime memory protections like address space layout randomization, stack canaries, and non-executable heap memory to prevent exploitation of the heap buffer overflow via attacker-controlled data writes.

prevent

Mandates validation of untrusted inputs such as oversized EC public key points in TLS ServerKeyExchange messages to prevent them from exceeding the 132-byte pubkey_raw buffer bounds.

Security Summary · AI

CVE-2026-4395 is a heap-based buffer overflow vulnerability in the KCAPI ECC code path of the wc_ecc_import_x963_ex() function within the wolfcrypt component of the wolfSSL library. The flaw occurs because the WOLFSSL_KCAPI_ECC code path copies input data to the key->pubkey_raw buffer, which is sized for 132 bytes, using XMEMCPY without bounds checking. In contrast, the ATECC code path includes length validation. This issue affects wolfSSL deployments that utilize the KCAPI ECC path.

A remote attacker can exploit the vulnerability by acting as a malicious TLS peer and sending a crafted oversized EC public key point, specifically via an ECPoint in the ServerKeyExchange message during TLS key exchange. Exploitation enables writing attacker-controlled data past the bounds of the pubkey_raw buffer. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-122 (Heap-based Buffer Overflow).

The wolfSSL GitHub pull request at https://github.com/wolfSSL/wolfssl/pull/9988 addresses the issue, providing a patch for mitigation. Security practitioners should apply this update to wolfSSL installations using the affected KCAPI ECC code path.
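The missing length check described above, shown as an added C example (this is not wolfSSL's code and not the fix from the pull request): an unchecked copy into a 132-byte buffer next to a hardened import that rejects oversized input before copying. The `demo_key` struct, the function names, the return codes and the `0x04 || X || Y` input layout are assumptions of the example; only the 132-byte `pubkey_raw` size comes from the advisory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PUBKEY_RAW_MAX 132            /* buffer size stated in the advisory */
enum { IMPORT_OK = 0, BAD_ARG = -1, BAD_FORMAT = -2, TOO_LONG = -3, CANARY_HIT = -9 };

/* Hypothetical stand-in for the key object (not wolfSSL's ecc_key). */
typedef struct {
    uint8_t  pubkey_raw[PUBKEY_RAW_MAX];
    uint32_t canary;                  /* neighbouring data an overflow would hit */
    size_t   pubkey_len;
} demo_key;

/* Pattern the advisory describes: peer-controlled length, no check. Never called here. */
void import_unchecked(demo_key *k, const uint8_t *in, size_t in_len) {
    memcpy(k->pubkey_raw, in, in_len);        /* writes past 132 bytes if in_len > 132 */
}

/* Hardened form: reject before copying. Assumes in = 0x04 || X || Y (uncompressed). */
int import_checked(demo_key *k, const uint8_t *in, size_t in_len, size_t field_len) {
    if (k == NULL || in == NULL || field_len == 0) return BAD_ARG;
    if (in_len < 1 || in[0] != 0x04) return BAD_FORMAT;
    if (in_len - 1 > sizeof k->pubkey_raw) return TOO_LONG;   /* the missing bound */
    if (in_len - 1 != 2 * field_len) return BAD_FORMAT;       /* must match the curve */
    memcpy(k->pubkey_raw, in + 1, in_len - 1);
    k->pubkey_len = in_len - 1;
    return IMPORT_OK;
}

/* Constructed input: 0x04 followed by filler bytes, in_len bytes total (max 512). */
int demo_import(size_t in_len, size_t field_len) {
    uint8_t in[512];
    demo_key k = { {0}, 0xC0FFEEu, 0 };
    if (in_len > sizeof in) return BAD_ARG;
    memset(in, 0xAA, sizeof in);
    in[0] = 0x04;
    int rc = import_checked(&k, in, in_len, field_len);
    return k.canary == 0xC0FFEEu ? rc : CANARY_HIT;   /* canary must survive every call */
}

int main(void) {
    printf("P-521 point, 133 bytes: %d\n", demo_import(133, 66));
    printf("oversized, 400 bytes:   %d\n", demo_import(400, 66));
    return 0;
}
```

The size check runs independently of the caller-supplied `field_len`, so a wrong curve size cannot widen the copy beyond the buffer.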

Details

CWE(s)

Affected Products

wolfssl
wolfssl
≤ 5.9.0

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote, unauthenticated heap buffer overflow exploitable via crafted TLS ServerKeyExchange message in wolfSSL library, enabling exploitation of public-facing TLS applications or services.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References