NIXPKGS-2026-0696

GitHub issue published on

Permalink CVE-2026-4395

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created suggestion 1 month, 3 weeks ago
@LeSuisse accepted 1 month, 3 weeks ago
@LeSuisse published on GitHub 1 month, 3 weeks ago

Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.

References

https://github.com/wolfSSL/wolfssl/pull/9988 patch

Affected products

wolfssl

=<5.8.4

Matching in nixpkgs

pkgs.wolfssl

Small, fast, portable implementation of TLS/SSL for embedded devices

nixos-unstable 5.8.4
- nixpkgs-unstable 5.8.4
- nixos-unstable-small 5.8.4
nixos-25.11 5.8.4
- nixos-25.11-small 5.8.4
- nixpkgs-25.11-darwin 5.8.4

Package maintainers

@vifino Adrian Pistol <vifino@tty.sh>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Upstream patch: https://github.com/wolfSSL/wolfssl/commit/ddc177b669cff9d3c7e1b51751f9df73062b872a

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0696

References

Affected products

Matching in nixpkgs

pkgs.wolfssl

Package maintainers