// vulnerability record
cached · NVD via COSMOS sync
CVE-2026-6681
LOW · published 2026-06-25 21:16 UTC · 3 days ago · modified 2026-06-27 20:02 UTC
CVSS 1.0 / 10
// description
The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.
// cvss 4.0 vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
// weaknesses (CWE)
- CWE-120
- CWE-787