Severity by source
CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Certificate presentation occurs over any network so AV:N; AC:H for non-default build flag and IP nameConstraints deployment requirement; PR:H for CA-level issuance authority; integrity-only PKI bypass, no confidentiality or availability impact.
Primary rating from Vendor (wolfSSL).
CVSS VectorVendor: wolfSSL
CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints.
AnalysisAI
Certificate IP address name constraint enforcement in wolfSSL is silently disabled when the library is compiled without the WOLFSSL_IP_ALT_NAME preprocessor define, allowing a CA operator to issue certificates bearing IP address Subject Alternative Names that the issuing CA's nameConstraints extension was intended to prohibit. Any wolfSSL-based TLS endpoint built in this configuration will accept these constraint-violating certificates as valid, undermining PKI-enforced IP address restrictions. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Three conditions must hold simultaneously for exploitation: (1) the target wolfSSL deployment must have been compiled without the WOLFSSL_IP_ALT_NAME preprocessor define - this is a non-default build-time configuration that omits IP address SAN processing at compile time, not a runtime setting; (2) the certificate chain being validated must include at least one CA certificate that carries a nameConstraints extension specifying IP address subtrees in its permitted or excluded name spaces - IP address name constraints are uncommon in public PKI but used in private enterprise or device PKI; and (3) the attacker must hold CA-level credentials sufficient to issue a certificate that violates those IP constraints, implying a compromised subordinate CA or privileged access to a certificate issuance system. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N) scores 5.7 (medium), with AT:P capturing the prerequisite build configuration condition and PR:H reflecting CA-level privilege requirements. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has compromised a subordinate CA operating within a private PKI that uses IP address nameConstraints issues an end-entity certificate bearing an IP address SAN outside the permitted IP ranges encoded in the issuing CA's nameConstraints extension. When that certificate is presented during a TLS handshake to a wolfSSL endpoint compiled without WOLFSSL_IP_ALT_NAME, the constraint violation is never checked, the certificate is accepted as valid, and the attacker can impersonate services at IP addresses the issuing CA was never authorized to certify. … |
| Remediation | Apply the upstream fix from wolfSSL GitHub PR #10354 (https://github.com/wolfSSL/wolfssl/pull/10354) once it is merged into a tagged release - a specific patched version number has not been independently confirmed from available data, so monitor https://www.wolfssl.com/docs/security-vulnerabilities/ for the confirmed fix release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange i
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting
wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or tra
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. Rated high severity (
An issue was discovered in wolfSSL before 5.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. Ra
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data wh
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Rated high severity (CVSS 7.0).
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in t
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CR
An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is e
wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request di
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39580
GHSA-h4jr-6mf9-63fq