CVE-2026-5187 LOW

CVE-2026-5187: Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL

Vendor Wolfssl
Product wolfSSL
Weakness CWE-122
Published April 9, 2026
Last update April 14, 2026

CVSS base score

2.3/10
Attack vector Network
Attack complexity Low
Attack requirements Present
Privileges required Low
User interaction None
Confidentiality None
Integrity Low
Availability Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

Description

Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, the bounds check validates only one available slot before the function writes the two OID arc values packed into the first sub-identifier (out[0] and out[1]), so a call with outSz equal to 1 results in a 2-byte out-of-bounds write of out[1]. Second, outSz is an element count, but multiple callers pass sizeof(decOid) (64 bytes on 64-bit platforms) instead of the element count MAX_OID_SZ (32); the function therefore accepts crafted OIDs with 33 or more arcs and writes past the end of the allocated buffer.
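The two checks described above, shown side by side in an added example. This is not wolfSSL's code: it is a deliberately small DER OID decoder written for this page, with a flag that selects either a one-slot check (the flaw as described) or the two-slot check a fix needs, plus a caller that passes the buffer capacity once as sizeof() bytes and once as an element count. The 16-bit arc type, the MAX_OID_SZ value of 32, the constructed inputs and all function names are assumptions of the example; the backing arrays are oversized so the demonstration itself never writes out of bounds while still showing how many arcs each check lets through.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Arc-buffer capacity as an ELEMENT count, mirroring the advisory's MAX_OID_SZ (assumed 32). */
#define MAX_OID_SZ 32

/* Read one base-128 sub-identifier at in[*pos]; 0 on success, -1 on truncation or overflow. */
static int read_subid(const uint8_t* in, size_t inSz, size_t* pos, uint32_t* val)
{
    uint32_t v = 0;
    int more;
    do {
        if (*pos >= inSz) return -1;              /* truncated sub-identifier */
        if (v > (UINT32_MAX >> 7)) return -1;     /* would overflow 32 bits */
        more = in[*pos] & 0x80;
        v = (v << 7) | (in[*pos] & 0x7f);
        (*pos)++;
    } while (more);
    *val = v;
    return 0;
}

/* Decode DER OID contents (no tag/length) into out[]; outSz is an element count.
 * twoSlotCheck = 0 reproduces the first flaw (one slot validated, two arcs written),
 * twoSlotCheck = 1 is the hardened check. Returns the arc count, or -1 on error. */
static int decode_oid(const uint8_t* in, size_t inSz, uint16_t* out, size_t outSz, int twoSlotCheck)
{
    size_t pos = 0, n;
    uint32_t v;

    if (read_subid(in, inSz, &pos, &v) != 0) return -1;
    /* The first sub-identifier packs two arcs (40*a0 + a1), so two slots are needed here. */
    if (outSz < (twoSlotCheck ? 2u : 1u)) return -1;
    if (v < 80) {
        out[0] = (uint16_t)(v / 40); out[1] = (uint16_t)(v % 40);
    } else {
        if (v - 80 > UINT16_MAX) return -1;
        out[0] = 2; out[1] = (uint16_t)(v - 80);
    }
    n = 2;

    while (pos < inSz) {
        if (read_subid(in, inSz, &pos, &v) != 0) return -1;
        if (n >= outSz || v > UINT16_MAX) return -1;   /* per-arc bound, in elements */
        out[n++] = (uint16_t)v;
    }
    return (int)n;
}

/* Flaw 1: the caller declares a 1-element buffer. The backing array is larger so this
 * demo stays in bounds; out[1] is still written past the declared capacity. */
static int demo_one_slot_check(int twoSlotCheck)
{
    static const uint8_t oid[] = { 0x2a };   /* constructed input: arcs 1.2 */
    uint16_t backing[4] = { 0 };
    return decode_oid(oid, sizeof(oid), backing, 1, twoSlotCheck);  /* 2 unfixed, -1 fixed */
}

/* Flaw 2: capacity passed as bytes instead of elements. A constructed 33-arc OID
 * (1.2 plus 31 single-byte arcs) passes a 64-"slot" check but not the real 32-element one. */
static int demo_capacity(int passBytes)
{
    uint8_t oid[32];
    uint16_t decOid[MAX_OID_SZ];        /* the caller's real buffer: 32 elements, 64 bytes */
    uint16_t backing[2 * MAX_OID_SZ];   /* oversized stand-in so the overrun is observable, not UB */
    size_t capacity = passBytes ? sizeof(decOid) : sizeof(decOid) / sizeof(decOid[0]);
    oid[0] = 0x2a;
    memset(oid + 1, 0x01, sizeof(oid) - 1);
    (void)decOid;
    return decode_oid(oid, sizeof(oid), backing, capacity, 1);   /* 33 with bytes, -1 with elements */
}

/* Sanity check on a real encoding, 1.2.840.10045.2.1 (ecPublicKey): arc i, or -1 past the end. */
static int ecpublickey_arc(size_t i)
{
    static const uint8_t oid[] = { 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 };
    uint16_t arcs[MAX_OID_SZ];
    int n = decode_oid(oid, sizeof(oid), arcs, MAX_OID_SZ, 1);
    return (n < 0 || i >= (size_t)n) ? -1 : (int)arcs[i];
}

int main(void)
{
    printf("one-slot check, outSz=1: unfixed=%d fixed=%d\n", demo_one_slot_check(0), demo_one_slot_check(1));
    printf("33-arc OID: sizeof capacity=%d element capacity=%d\n", demo_capacity(1), demo_capacity(0));
    printf("ecPublicKey arc[3]=%d\n", ecpublickey_arc(3));
    return 0;
}
```

The fix on the callee side is the two-slot check before the first two writes; the fix on the caller side is to pass `sizeof(buf) / sizeof(buf[0])` (or the MAX_OID_SZ constant itself) for any API whose size parameter counts elements. A byte count is only harmless when the element type is one byte wide, which is why the mismatch surfaces with a 16-bit arc type.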

Key dates

Disclosure timeline

April 9, 2026 CVE published
April 14, 2026 Record updated