Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-4159

Опубликовано: 19 мар. 2026
Источник: debian
EPSS Низкий

Описание

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
wolfsslfixed5.9.0-0.1package
wolfsslno-dsatrixiepackage
wolfsslno-dsabookwormpackage

Примечания

  • https://github.com/wolfSSL/wolfssl/pull/9945

  • Fixed by: https://github.com/wolfSSL/wolfssl/commit/d37b51c3cef6897e117364ab8b1a257e52a634c0 (v5.9.0-stable)

EPSS

Процентиль: 5%
0.00019
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-4159

ubuntu
22 дня назад

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.

nvd логотип

CVE-2026-4159

nvd
22 дня назад

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.

msrc логотип

CVE-2026-4159

msrc
11 дней назад

wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read

github логотип

GHSA-m9r6-9wmx-24jv

github
22 дня назад

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.

EPSS

Процентиль: 5%
0.00019
Низкий