CVE-2026-6681

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 25, 2026

Vendor unknown

Description

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

References

https://github.com/wolfSSL/wolfssl/pull/10116
https://www.wolfssl.com/docs/security-vulnerabilities/