CVE-2026-5503

Published: Apr 9, 2026

Modified: Apr 10, 2026

PUBLISHED

Description

In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocation boundary.

Vendor	Product	Versions
wolfSSL	wolfSSL	affected `0 - <= 5.9.0`

Weaknesses (CWE)

CWE-787

References

https://github.com/wolfSSL/wolfssl/pull/10102

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-5503

Description

Affected Products

Weaknesses (CWE)

References