wolfSSL Misinterprets Malformed Certificate Data in Some Configurations

CVE-2026-5188
Summary

In certain configurations, wolfSSL may incorrectly process X.509 certificates with intentionally malformed data. This affects only builds that use the original ASN.1 parsing implementation, which is off by default. To avoid potential issues, review your wolfSSL configuration to ensure the newer ASN.1 parsing implementation is enabled.

Original title
An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enc...
Original description
An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.
NVD CVSS 4.0: 2.3
Vulnerability type
CWE-191
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026
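
The counter wrap named in the original description (CWE-191), shown beside a bounds-checked walk. This is an added example in C and is not wolfSSL code; the function names, the single-octet length handling and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: contents of a SAN GeneralNames SEQUENCE.
 * SAN_BAD's second entry declares 0x20 bytes although none remain. */
static const uint8_t SAN_GOOD[] = { 0x82, 0x02, 'a', 'b', 0x82, 0x02, 'c', 'd' };
static const uint8_t SAN_BAD[]  = { 0x82, 0x02, 'a', 'b', 0x82, 0x20 };

/* Flawed bookkeeping: subtracts the declared entry length from an unsigned
 * counter with no bounds check. Reads only in-buffer headers. */
uint32_t remaining_unchecked(const uint8_t *seq, uint32_t seq_len)
{
    uint32_t idx = 0, remaining = seq_len;
    while (remaining >= 2 && idx + 2 <= seq_len) {
        uint32_t len = seq[idx + 1];  /* short-form length (assumption) */
        remaining -= 2;               /* tag and length octets */
        remaining -= len;             /* wraps when len > remaining */
        idx += 2 + len;
    }
    return remaining;
}

/* Checked walk: returns the number of entries, or -1 if any entry is
 * truncated or claims more bytes than the enclosing sequence holds. */
int count_entries_checked(const uint8_t *seq, size_t seq_len)
{
    size_t idx = 0;
    int n = 0;
    while (idx < seq_len) {
        size_t remaining = seq_len - idx;    /* idx < seq_len: no wrap */
        if (remaining < 2) return -1;        /* truncated header */
        size_t len = seq[idx + 1];
        if (len & 0x80) return -1;           /* long form: out of scope here */
        if (len > remaining - 2) return -1;  /* entry exceeds the sequence */
        idx += 2 + len;
        n++;
    }
    return n;
}

int main(void)
{
    printf("unchecked counter on bad input: 0x%08x\n",
           (unsigned)remaining_unchecked(SAN_BAD, sizeof SAN_BAD));
    printf("checked: good=%d bad=%d\n",
           count_entries_checked(SAN_GOOD, sizeof SAN_GOOD),
           count_entries_checked(SAN_BAD, sizeof SAN_BAD));
    return 0;
}
```

The comparison `len > remaining - 2` is safe only because `remaining >= 2` is established first; the order of the two checks is the fix.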