Skip to main content

Microsoft CVE-2026-0930

| EUVDEUVD-2026-23950 LOW
Buffer Over-read (CWE-126)
2026-04-20 wolfSSL
2.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.3 LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Patch released
Apr 24, 2026 - 19:15 nvd
Patch available
Analysis Generated
Apr 21, 2026 - 00:17 vuln.today
Patch available
Apr 20, 2026 - 22:31 EUVD
CVSS changed
Apr 20, 2026 - 22:22 NVD
2.3 (LOW)
EUVD ID Assigned
Apr 20, 2026 - 21:45 euvd
EUVD-2026-23950
Analysis Generated
Apr 20, 2026 - 21:45 vuln.today
CVE Published
Apr 20, 2026 - 21:28 nvd
LOW 2.3

DescriptionCVE.org

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.

AnalysisAI

Out-of-bounds read in wolfSSHd on Windows allows authenticated users to leak adjacent stack memory via malformed terminal resize requests, exposing sensitive data through pseudo-console output. Affects wolfSSH versions prior to 1.5.0. CVSS score of 2.3 reflects low severity due to authentication requirement and limited confidentiality impact; vendor patch available.

Technical ContextAI

wolfSSH is a lightweight SSH server/client library used in embedded and resource-constrained environments. The vulnerability exists in the terminal resize request handler (likely CHANNEL_REQUEST for pty-req with window-change), which fails to properly validate buffer boundaries when processing resize data on Windows. The out-of-bounds read (CWE-126: Buffer Over-read) occurs in code handling pseudo-console (ConPTY) operations specific to Windows terminals. An authenticated SSH client sends a specially crafted resize request containing invalid dimensions or malformed data, causing the handler to read beyond allocated buffer bounds. The leaked stack memory is then transmitted to the client via the pseudo-console output stream, violating data confidentiality.

RemediationAI

Upgrade wolfSSH to version 1.5.0 or later, which includes the patch referenced in GitHub PR #846. The fix validates terminal resize request bounds and prevents out-of-bounds reads from pseudo-console handlers. If immediate upgrade is not feasible, apply the upstream fix from the merged PR #846 (https://github.com/wolfssl/wolfssh/pull/846) by building from the patched commit. As a temporary compensating control with significant limitations, restrict SSH access to wolfSSHd instances to trusted networks only (e.g., VPN, private subnets) to reduce credential compromise risk that enables this attack; however, this does NOT prevent exploitation by legitimate authenticated users and should not be relied upon as primary mitigation. Disable terminal/PTY functionality entirely if not required (disable CHANNEL_REQUEST handling for pty-req in configuration) - this eliminates the attack surface but breaks interactive terminal sessions.

Share

CVE-2026-0930 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy