CVE-2026-5194

Опубликовано: 09 апр. 2026

Источник: redhat

CVSS3: 10

EPSS Низкий

Описание

A flaw was found in wolfSSL. Missing hash/digest size and Object Identifier (OID) checks allow the acceptance of smaller, less secure digests during the verification of Elliptic Curve Digital Signature Algorithm (ECDSA) certificates. This could enable a remote attacker, with knowledge of the public Certificate Authority (CA) key, to weaken the security of ECDSA certificate-based authentication. The vulnerability affects ECDSA/ECC verification when EdDSA or ML-DSA are also enabled.

Отчет

This vulnerability doesn't affect any versions of MariaDB as shipped with Red Hat Products. For Red Hat products MariaDB is compiled and linked against the system's OpenSSL library instead of using the MariaDB's bundled WolfSSL library routines.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Hardened Images	mariadb10.11/mariadb10.11	Not affected
Red Hat Hardened Images	mariadb11.8/mariadb11.8	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical

Дефект:

CWE-295

https://bugzilla.redhat.com/show_bug.cgi?id=2457041wolfSSL: wolfSSL: Reduced security of ECDSA authentication via missing digest size checks

EPSS

Процентиль: 10%

0.00035

Низкий

10 Critical

CVSS3

Связанные уязвимости

CVE-2026-5194

ubuntu

5 дней назад

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.