CVE-2026-5778 LOW

CVE-2026-5778: Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.

Vendor wolfSSL
Product wolfSSL
Weakness CWE-191
Published April 9, 2026
Last update April 10, 2026

CVSS base score

2.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Passive
Confidentiality None
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing a large out-of-bounds read and crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.
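The length arithmetic described above, shown as an added example that is not wolfSSL's code: the unchecked 16-bit subtraction beside a form that rejects records shorter than the explicit IV plus tag. All function names, the struct, the constructed sample records and the 8-byte IV / 16-byte tag sizes used in the comments are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define REC_HDR_SZ 5u /* TLS record header: type(1) version(2) length(2) */

/* Constructed samples: Application Data (0x17), TLS 1.2, lengths 10 and 26. */
const uint8_t SHORT_REC[15] = {0x17, 0x03, 0x03, 0x00, 0x0a};
const uint8_t OK_REC[31]    = {0x17, 0x03, 0x03, 0x00, 0x1a};

/* Unsafe pattern: the subtraction happens in int and is truncated to 16 bits,
 * so a record shorter than IV + tag yields a huge "plaintext length"
 * (for example 10 - 8 - 16 wraps to 65522). */
uint16_t plain_len_unchecked(uint16_t rec_len, uint16_t iv_sz, uint16_t tag_sz)
{
    return (uint16_t)(rec_len - iv_sz - tag_sz);
}

typedef struct {
    const uint8_t *ciphertext; /* first byte after the explicit IV */
    uint16_t       plain_len;  /* bytes to decrypt, tag excluded */
    const uint8_t *tag;        /* authentication tag at the end of the record */
} aead_span;

/* Hardened form: validate every length before doing arithmetic on it.
 * Returns 0 on success, -1 if the record must be dropped undecrypted. */
int aead_span_checked(const uint8_t *rec, size_t captured,
                      uint16_t iv_sz, uint16_t tag_sz, aead_span *out)
{
    uint32_t overhead = (uint32_t)iv_sz + tag_sz;
    uint16_t rec_len;

    if (rec == NULL || out == NULL || captured < REC_HDR_SZ)
        return -1;
    rec_len = (uint16_t)((rec[3] << 8) | rec[4]);
    if (rec_len > captured - REC_HDR_SZ) /* header claims more than captured */
        return -1;
    if (rec_len < overhead)              /* shorter than IV + tag: reject */
        return -1;

    out->ciphertext = rec + REC_HDR_SZ + iv_sz;
    out->plain_len  = (uint16_t)(rec_len - overhead);
    out->tag        = out->ciphertext + out->plain_len;
    return 0;
}
```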

Key dates

02 Disclosure timeline

April 9, 2026 CVE published
April 10, 2026 Record updated