{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0930", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2026-01-13T23:45:50.452Z", "datePublished": "2026-04-20T21:28:33.227Z", "dateUpdated": "2026-04-21T13:37:15.647Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-04-20T21:28:33.227Z"}, "title": "Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-126", "description": "CWE-126 Buffer over-read", "type": "CWE"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSH", "versions": [{"status": "affected", "version": "1.4.15", "lessThan": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Potential read out of bounds case with wolfSSHd on\u00a0Windows while handling a terminal resize request. An authenticated user could\u00a0trigger the out of bounds read after establishing a connection which would\u00a0leak the adjacent stack memory to the pseudo-console output.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Potential read out of bounds case with wolfSSHd on&nbsp;<span>Windows while handling a terminal resize request. An authenticated user could</span><span>&nbsp;</span><span>trigger the out of bounds read after establishing a connection which would</span><span>&nbsp;</span><span>leak the adjacent stack memory to the pseudo-console output.</span></p>"}]}], "references": [{"url": "https://github.com/wolfssl/wolfssh/pull/846"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "LOW", "baseScore": 2.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Luigino Camastra", "type": "finder"}, {"lang": "en", "value": "Pavel Kohout", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T13:37:07.965883Z", "id": "CVE-2026-0930", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:37:15.647Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0930", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T13:37:07.965883Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:37:11.443Z"}}], "cna": {"title": "Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Luigino Camastra"}, {"lang": "en", "type": "finder", "value": "Pavel Kohout"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSH", "versions": [{"status": "affected", "version": "1.4.15", "lessThan": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/wolfssl/wolfssh/pull/846"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Potential read out of bounds case with wolfSSHd on\u00a0Windows while handling a terminal resize request. An authenticated user could\u00a0trigger the out of bounds read after establishing a connection which would\u00a0leak the adjacent stack memory to the pseudo-console output.", "supportingMedia": [{"type": "text/html", "value": "<p>Potential read out of bounds case with wolfSSHd on&nbsp;<span>Windows while handling a terminal resize request. An authenticated user could</span><span>&nbsp;</span><span>trigger the out of bounds read after establishing a connection which would</span><span>&nbsp;</span><span>leak the adjacent stack memory to the pseudo-console output.</span></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-126", "description": "CWE-126 Buffer over-read"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-04-20T21:28:33.227Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0930", "state": "PUBLISHED", "dateUpdated": "2026-04-21T13:37:15.647Z", "dateReserved": "2026-01-13T23:45:50.452Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2026-04-20T21:28:33.227Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssh:wolfssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "11F85568-0A3D-49B3-AEBE-33BFBB4CD22F", "versionEndExcluding": "1.5.0", "versionStartIncluding": "1.4.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Potential read out of bounds case with wolfSSHd on\u00a0Windows while handling a terminal resize request. An authenticated user could\u00a0trigger the out of bounds read after establishing a connection which would\u00a0leak the adjacent stack memory to the pseudo-console output."}], "id": "CVE-2026-0930", "lastModified": "2026-04-24T19:15:35.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2026-04-20T22:16:23.210", "references": [{"source": "facts@wolfssl.com", "tags": ["Issue Tracking"], "url": "https://github.com/wolfssl/wolfssh/pull/846"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-126"}], "source": "facts@wolfssl.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.4.15,1.5.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "wolfSSH", "source": "cna", "vendor": "wolfSSL"}, "product": "wolfssh", "vendor": "wolfssl"}], "analysis": {"en": {"generated_at": "2026-04-28T08:41:19.545259+00:00", "value": {"mitigation_remediation": ["Upgrade wolfSSH to the latest release that includes the fix for the resize\u2011handling buffer leak.", "Disable terminal resize capability or the pseudo\u2011console feature on Windows if the upgrade cannot be applied immediately.", "Audit SSH access logs for unexpected memory\u2011leak indicators and monitor for any anomalous data appearing in terminal output."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "This issue affects the wolfSSL wolfSSH product on Windows platforms. No specific affected versions are listed in the advisory, so the recommendation is to apply the most recent patch that addresses the resize handling bug.", "description_and_impact": "An out\u2011of\u2011bounds read in wolfSSHd on Windows occurs when the server processes a terminal resize request, allowing an authenticated user to leak the content of adjacent stack memory into the pseudo\u2011console output. This can expose sensitive data stored on the stack and potentially compromise confidentiality. The weakness is a buffer overread involving adjacent stack memory (CWE\u2011125 and CWE\u2011126).", "risk_and_exploitability": "The vulnerability carries a low CVSS score of 2.3 and has an EPSS score of less than 1%. It is not listed in the CISA KEV catalog. The attack requires an authenticated SSH session; after establishing the connection, a malicious user can send a terminal resize command to trigger the out\u2011of\u2011bounds read. Because the exploitation relies on normal operational actions rather than a malicious code payload, the practical risk is primarily limited to confidentiality leakage rather than remote code execution."}}}}, "created": "2026-04-21T00:00:13.345408+00:00", "updated": "2026-04-28T08:45:27.190642+00:00", "vendors": ["wolfssl", "wolfssl$PRODUCT$wolfssh"]}