{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5447", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2026-04-02T19:39:14.309Z", "datePublished": "2026-04-09T20:13:34.398Z", "dateUpdated": "2026-04-10T18:07:28.848Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-04-09T20:13:34.398Z"}, "title": "Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "type": "CWE"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "programFiles": ["src/x509.c"], "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.</p>"}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10112"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Calif.io in collaboration with Claude and Anthropic Research", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T18:07:18.012291Z", "id": "CVE-2026-5447", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T18:07:28.848Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T18:07:18.012291Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T18:07:23.221Z"}}], "cna": {"title": "Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Calif.io in collaboration with Claude and Anthropic Research"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssl", "vendor": "wolfSSL", "product": "wolfSSL", "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.1", "versionType": "semver"}], "programFiles": ["src/x509.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/10112"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.", "supportingMedia": [{"type": "text/html", "value": "<p>Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-04-09T20:13:34.398Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5447", "state": "PUBLISHED", "dateUpdated": "2026-04-10T18:07:28.848Z", "dateReserved": "2026-04-02T19:39:14.309Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2026-04-09T20:13:34.398Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension."}], "id": "CVE-2026-5447", "lastModified": "2026-04-09T21:16:13.150", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2026-04-09T21:16:13.150", "references": [{"source": "facts@wolfssl.com", "url": "https://github.com/wolfSSL/wolfssl/pull/10112"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}

{"bugzilla": {"description": "wolfSSL: wolfSSL: Heap buffer overflow via AuthorityKeyIdentifier size confusion", "id": "2457074", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457074"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-131", "details": ["A flaw was found in wolfSSL. A heap buffer overflow, a type of memory corruption vulnerability, occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension. A remote attacker could exploit this flaw to cause a low integrity impact."], "name": "CVE-2026-5447", "package_state": [{"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Not affected", "package_name": "mariadb10.11/mariadb10.11", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Not affected", "package_name": "mariadb11.8/mariadb11.8", "product_name": "Red Hat Hardened Images"}], "public_date": "2026-04-09T20:13:34Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-5447\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5447\nhttps://github.com/wolfSSL/wolfssl/pull/10112"], "statement": "This vulnerability doesn't affect any versions of MariaDB as shipped with Red Hat Products. For Red Hat products MariaDB is compiled and linked against the system's OpenSSL library instead of using the MariaDB's bundled WolfSSL library routines.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.9.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "wolfSSL", "source": "cna", "vendor": "wolfSSL"}, "product": "wolfssl", "vendor": "wolfssl"}], "analysis": {"en": {"generated_at": "2026-04-10T01:21:08.582653+00:00", "value": {"mitigation_remediation": ["Apply the latest wolfSSL patch that addresses CVE\u20112026\u20115447", "If a patch is not yet available, restrict the use of the CertFromX509 function to certificates from trusted sources", "Monitor applications for crashes or unusual memory usage in the certification path", "Consult wolfSSL release notes for affected versions"], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw appears in the wolfSSL library supplied by wolfSSL. No specific release versions are mentioned in the description, so any build containing the current CertFromX509 implementation could be vulnerable unless corrected by the vendor. Version information is not provided.", "description_and_impact": "A heap buffer overflow is triggered in the CertFromX509 function when processing the AuthorityKeyIdentifier extension of an X.509 certificate. The implementation incorrectly calculates the buffer size required for the extension, causing an out\u2011of\u2011bounds write on the heap. This memory corruption can enable an attacker to overwrite adjacent data, potentially leading to arbitrary code execution or application crashes, depending on the context in which the certificate is parsed.", "risk_and_exploitability": "The CVSS score of 6.3 indicates moderate severity. EPSS data is unavailable, and the issue is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a crafted certificate to an application that uses wolfSSL for certificate parsing. Because the overflow occurs on the heap, an attacker may achieve remote code execution or cause a denial of service if the vulnerable component is exposed to untrusted input. The attack vector is inferred to be remote through untrusted certificates, such as those received over a network or from a user\u2011supplied source."}}}}, "created": "2026-04-10T08:38:38.088703+00:00", "updated": "2026-04-10T09:29:21.189285+00:00", "vendors": ["wolfssl", "wolfssl$PRODUCT$wolfssl"]}