Close Menu
    Subscribe
    Alerts

    CVE-2026-5772 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.

    PUBLISHED Reserved 2026-04-08 | Published 2026-04-09 | Updated 2026-04-09 | Assigner wolfSSL

    LOW: 2.1CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

    Problem types

    CWE-126 Buffer over-read

    Product status

    Default status
    unaffected

    Any version
    affected

    Credits

    Zou Dikai finder

    References

    github.com/wolfSSL/wolfssl/pull/10119

    cve.org (CVE-2026-5772)

    nvd.nist.gov (CVE-2026-5772)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.