{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3547", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2026-03-04T18:38:04.989Z", "datePublished": "2026-03-19T20:20:42.608Z", "dateUpdated": "2026-03-21T03:33:23.444Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-03-19T20:20:42.608Z"}, "title": "wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125: out-of-bounds read", "type": "CWE"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSL", "platforms": ["ALPN-enabled builds (HAVE_ALPN / --enable-alpn)"], "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.</p>"}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9859", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "workarounds": [{"lang": "en", "value": "build without ALPN support if ALPN is not required.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>build without ALPN support if ALPN is not required.</p>"}]}], "solutions": [{"lang": "en", "value": "apply the fix in wolfssl/wolfssl#9859 (or upgrade to a release that includes it).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>apply the fix in wolfssl/wolfssl#9859 (or upgrade to a release that includes it).</p>"}]}], "credits": [{"lang": "en", "value": "Oleh Konko", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-21T03:33:12.087254Z", "id": "CVE-2026-3547", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-21T03:33:23.444Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3547", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-21T03:33:12.087254Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-21T03:33:19.145Z"}}], "cna": {"title": "wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Oleh Konko"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSL", "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.0", "versionType": "semver"}], "platforms": ["ALPN-enabled builds (HAVE_ALPN / --enable-alpn)"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "apply the fix in wolfssl/wolfssl#9859 (or upgrade to a release that includes it).", "supportingMedia": [{"type": "text/html", "value": "<p>apply the fix in wolfssl/wolfssl#9859 (or upgrade to a release that includes it).</p>", "base64": false}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9859", "tags": ["patch"]}], "workarounds": [{"lang": "en", "value": "build without ALPN support if ALPN is not required.", "supportingMedia": [{"type": "text/html", "value": "<p>build without ALPN support if ALPN is not required.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.", "supportingMedia": [{"type": "text/html", "value": "<p>Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: out-of-bounds read"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-03-19T20:20:42.608Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3547", "state": "PUBLISHED", "dateUpdated": "2026-03-21T03:33:23.444Z", "dateReserved": "2026-03-04T18:38:04.989Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2026-03-19T20:20:42.608Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA3FA1CB-CEDC-4D49-9ECD-99BBF1602312", "versionEndExcluding": "5.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic."}, {"lang": "es", "value": "Lectura fuera de l\u00edmites en el an\u00e1lisis de ALPN debido a una validaci\u00f3n incompleta. wolfSSL 5.8.4 y versiones anteriores conten\u00edan una lectura fuera de l\u00edmites en el manejo de ALPN cuando se compilaba con ALPN habilitado (HAVE_ALPN / --enable-alpn). Una lista de protocolos ALPN manipulada podr\u00eda desencadenar una lectura fuera de l\u00edmites, lo que podr\u00eda llevar a un bloqueo potencial del proceso (denegaci\u00f3n de servicio). Tenga en cuenta que ALPN est\u00e1 deshabilitado por defecto, pero est\u00e1 habilitado para estas caracter\u00edsticas de compatibilidad de terceros: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic."}], "id": "CVE-2026-3547", "lastModified": "2026-03-26T18:27:31.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2026-03-19T21:17:12.653", "references": [{"source": "facts@wolfssl.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/wolfSSL/wolfssl/pull/9859"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["alpn-enabled_builds_(have_alpn_/_--enable-alpn)"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.9.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "wolfSSL", "source": "cna", "vendor": "wolfSSL"}, "product": "wolfssl", "vendor": "wolfssl"}], "analysis": {"en": {"generated_at": "2026-03-26T19:53:52.294515+00:00", "value": {"mitigation_remediation": ["Apply the patch from wolfssl/wolfssl#9859 or upgrade to a wolfSSL release that contains the fix.", "If ALPN is not required, rebuild wolfSSL with the --disable-alpn flag to remove the vulnerable code path."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via process crash"}, "threat_synthesis": {"affected_systems": "The affected product is the wolfSSL library, version 5.8.4 and all earlier releases that enable ALPN (HAVE_ALPN or --enable-alpn). Although ALPN is disabled by default, it is automatically enabled for several third\u2011party compatibility builds, including those for Apache HTTPD, Bind, Curl, HAProxy, Hitch, Lighty, JNI, NGINX, and QUIC. Use of these builds with ALPN enabled exposes the system to the vulnerability.", "description_and_impact": "An out\u2011of\u2011bounds read occurs in wolfSSL when it parses the Application\u2011Layer Protocol Negotiation (ALPN) extension during handshake. The vulnerability results from incomplete validation of the peer\u2011supplied ALPN protocol list, allowing a crafted list to trigger a memory read beyond the buffer. The flaw does not allow privilege escalation or disclosure of data; it only causes the wolfSSL process to crash, leading to a denial\u2011of\u2011service condition for any application relying on the library.", "risk_and_exploitability": "The CVSS score is 7.5, indicating moderate\u2011to\u2011high severity, while the EPSS score is below 1\u202f%, suggesting that widespread exploitation is unlikely. The flaw is not listed in CISA's KEV catalog. An attacker would need to target a service that uses wolfSSL with ALPN enabled and send a malicious ALPN list to trigger the crash. Because the vulnerability only causes a crash, it does not provide remote code execution or data exfiltration."}}}}, "created": "2026-03-20T08:56:20.667907+00:00", "updated": "2026-03-27T09:21:40.614229+00:00", "vendors": ["wolfssl", "wolfssl$PRODUCT$wolfssl"]}