CVE-2026-6681 | The PKCS#7 decode path ignores the caller-supplied output bu… | CVSS 1.0 LOW

Description

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

Metadata

CVE ID: CVE-2026-6681
State: PUBLISHED
Assigner: wolfSSL
Reserved: 2026-04-20 15:00 UTC
Published: 2026-06-25 20:11 UTC
Last updated: 2026-06-25 20:11 UTC
Primary CWE: CWE-787
CWE-787 Out-of-bounds Write
Vendor / Product: wolfSSL / wolfSSL
Sources: cve.org · NVD

Severity & Metrics

1.0 LOW CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear

Affected products (1)

Vendor	Product	Platform	Versions
wolfSSL	wolfSSL	—	3.10.0 ≤ 5.9.0

Weakness (CWE)

CWE	Source	Description
CWE-120	cna	CWE-120 Buffer Copy without Checking Size of Input
CWE-787	cna	CWE-787 Out-of-bounds Write

CVSS scores (1)

Score	Severity	Version	Source	Vector
1.0	LOW	4.0	cna	CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear

References (2)