Skip to main content

wolfSSL EUVDEUVD-2026-39546

| CVE-2026-55958 HIGH
Out-of-bounds Write (CWE-787)
2026-06-25 wolfSSL GHSA-8mfx-6cpc-cr47
8.3
CVSS 4.0 · Vendor: wolfSSL
Share

Severity by source

Vendor (wolfSSL) PRIMARY
8.3 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable but AC:H because it needs a malicious/MITM server and an oversized transcript; PR:N/UI:N on the client; impact is a DoS crash (A:H) with incidental uncontrolled heap write (I:L), no confidentiality loss.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (wolfSSL).

CVSS VectorVendor: wolfSSL

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 25, 2026 - 20:22 vuln.today
Analysis Generated
Jun 25, 2026 - 20:22 vuln.today

DescriptionCVE.org

Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SIZE) sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3 handshake transcript exceeds MSGBAG_SIZE (8 KB), corrupting adjacent heap state and potentially causing a remote denial of service crash. The bag is sized to hold a normal handshake, so this is reached only by an unusually large but valid certificate chain, or by a malicious or man-in-the-middle server sending an oversized handshake message to a client that does not strictly verify the chain. This only affects builds using the Renesas TSIP TLS port (WOLFSSL_RENESAS_TSIP_TLS) as a TLS 1.3 client on Renesas MCUs with TSIP hardware enabled, and is rated High within those builds. All other configurations are unaffected.

AnalysisAI

Remote denial of service in wolfSSL's Renesas TSIP TLS 1.3 client port (WOLFSSL_RENESAS_TSIP_TLS on Renesas MCUs with TSIP hardware) arises from an out-of-bounds heap write in tsip_StoreMessage(), where the capacity check guarding the fixed 8 KB message bag sets an error code but omits the return, letting execution fall through to an XMEMCPY that overruns the buffer once the accumulated handshake transcript exceeds 8 KB. A malicious or man-in-the-middle TLS 1.3 server (or an unusually large but legitimate certificate chain) can trigger heap corruption and crash the client. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Position as malicious or MITM TLS 1.3 server
Delivery
Send oversized handshake/certificate chain
Exploit
Transcript exceeds 8 KB message bag
Execution
Capacity check sets error but fails to return
Persist
XMEMCPY writes past heap buffer
Impact
Corrupt adjacent heap, crash client (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires the target to be a wolfSSL build with the Renesas TSIP TLS port enabled (WOLFSSL_RENESAS_TSIP_TLS), running as a TLS 1.3 client on a Renesas MCU with TSIP hardware. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are moderate and internally consistent for a denial-of-service issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A man-in-the-middle positioned between a Renesas TSIP-based IoT/embedded device and its TLS 1.3 server (or a malicious server the device connects to without strict chain verification) sends an oversized handshake message - for example an inflated certificate chain - so the accumulated transcript exceeds the 8 KB message bag. The faulty capacity check fails to abort, the subsequent XMEMCPY writes past the heap buffer, and the device crashes, denying service. …
Remediation Apply the upstream fix from wolfSSL PR #10705 (https://github.com/wolfSSL/wolfssl/pull/10705), which adds the missing else branch so the XMEMCPY into the message bag executes only when the capacity check passes; an exact tagged patched release version was not provided in the input, so confirm the target release against the vendor advisory at https://www.wolfssl.com/docs/security-vulnerabilities/ before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems using wolfSSL with RENESAS_TSIP_TLS enabled on Renesas MCUs and assess criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-13099 HIGH POC
7.5 Dec 13

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange i

CVE-2017-2800 CRITICAL POC
9.8 May 24

A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting

CVE-2015-6925 HIGH POC
7.5 Jan 22

wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or tra

CVE-2022-39173 HIGH POC
7.5 Sep 29

In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. Rated high severity (

CVE-2022-38152 HIGH POC
7.5 Aug 31

An issue was discovered in wolfSSL before 5.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita

CVE-2020-11713 HIGH POC
7.5 Apr 12

wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. Ra

CVE-2019-18840 HIGH POC
7.5 Nov 09

In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data wh

CVE-2020-15309 HIGH POC
7.0 Aug 21

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Rated high severity (CVSS 7.0).

CVE-2020-24613 MEDIUM POC
6.8 Aug 24

wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in t

CVE-2015-7744 MEDIUM POC
5.9 Jan 22

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CR

CVE-2022-38153 MEDIUM POC
5.9 Aug 31

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is e

CVE-2021-37155 CRITICAL
9.8 Jul 21

wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request di

Share

EUVD-2026-39546 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy