Security Vulnerability Report
中文
CVE-2026-3549 CVSS 9.8 CRITICAL

CVE-2026-3549

Published: 2026-03-19 21:17:13
Last Modified: 2026-03-26 18:21:41
Source: [email protected]

Description

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* - VULNERABLE
wolfSSL (支持 TLS 1.3 ECH 的版本)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import socket import struct # Conceptual PoC for CVE-2026-3549 # This script sends a malformed TLS ClientHello with a crafted ECH extension # to trigger the integer underflow and heap overflow in vulnerable wolfSSL versions. def create_malformed_tls_handshake(): # TLS Record Layer Header (Handshake) content_type = b'\x16' version = b'\x03\x01' # Handshake Message: ClientHello msg_type = b'\x01' # Simplified ClientHello structure # ... # Malformed ECH Extension (Type 0xfe0d) ech_ext_type = struct.pack('>H', 0xfe0d) # Payload designed to trigger integer underflow in length calculation # Specific bytes depend on the exact parsing logic vulnerable in wolfSSL # e.g., a very small length field causing subtraction to underflow malformed_payload = b'\x00' * 10 ech_ext_data = struct.pack('>H', len(malformed_payload)) + malformed_payload extensions = ech_ext_type + ech_ext_data # Assemble full packet (skipping precise length calculations for brevity) # In a real exploit, the length fields must match the payload perfectly return b"PLACEHOLDER_FOR_MALFORMED_PACKET" # Example usage (Do not run against unauthorized systems) # target_ip = "127.0.0.1" # target_port = 443 # s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # s.connect((target_ip, target_port)) # s.send(create_malformed_tls_handshake())

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-3549", "sourceIdentifier": "[email protected]", "published": "2026-03-19T21:17:12.823", "lastModified": "2026-03-26T18:21:41.360", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving."}, {"lang": "es", "value": "Desbordamiento de montículo en el análisis de ECH de TLS 1.3. Existía un desbordamiento negativo de enteros en la lógica de análisis de la extensión ECH al calcular la longitud de un búfer, lo que resultó en la escritura más allá de los límites de un búfer asignado. Tenga en cuenta que en wolfSSL, ECH está desactivado por defecto, y el estándar ECH aún está evolucionando."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-122"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.9.0", "matchCriteriaId": "DA3FA1CB-CEDC-4D49-9ECD-99BBF1602312"}]}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9817", "source": "[email protected]", "tags": ["Issue Tracking", "Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.