NIXPKGS-2026-1063

GitHub issue published on

Permalink CVE-2026-5188

updated 2 weeks, 4 days ago by @LeSuisse Activity log

Created suggestion 2 weeks, 4 days ago
@LeSuisse accepted 2 weeks, 4 days ago
@LeSuisse published on GitHub 2 weeks, 4 days ago

Integer underflow in X.509 SAN parsing in wolfSSL

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.

References

https://github.com/wolfSSL/wolfssl/pull/10024

Affected products

wolfSSL

=<5.9.0

Matching in nixpkgs

pkgs.wolfssl

Small, fast, portable implementation of TLS/SSL for embedded devices

nixos-unstable 5.9.0
- nixpkgs-unstable 5.9.0
- nixos-unstable-small 5.9.0
nixos-25.11 5.9.0
- nixos-25.11-small 5.9.0
- nixpkgs-25.11-darwin 5.9.0

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@vifino Adrian Pistol <vifino@tty.sh>

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1063

References

Affected products

Matching in nixpkgs

pkgs.wolfssl

Package maintainers