EUVD-2026-13150CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
Lifecycle Timeline
4Description
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.
Analysis
Buffer overflow vulnerabilities in wolfSSL's CRL parser enable heap and stack memory corruption when processing maliciously crafted Certificate Revocation Lists, allowing potential code execution on affected systems. This vulnerability only impacts installations with explicit CRL support enabled that load CRLs from untrusted sources. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems using wolfSSL with CRL support enabled and identify which parse CRLs from untrusted or external sources. Within 7 days: Disable CRL support if not operationally critical, or implement network controls to restrict CRL sources to trusted, authenticated endpoints only. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 4.6.0+p1-0+deb11u2 | - |
| bookworm | vulnerable | 5.5.4-2+deb12u2 | - |
| trixie | vulnerable | 5.7.2-0.1+deb13u1 | - |
| forky, sid | vulnerable | 5.8.4-1 | - |
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today