CVE-2026-3547

wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation

Assigner: wolfSSL
Reserved: 04.03.2026 Published: 19.03.2026 Updated: 19.03.2026

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	wolfSSL
Product	wolfSSL
Versions	Default: unaffected affected from 0 to 5.9.0 (excl.)

Vendor

wolfSSL

Product

wolfSSL

Versions

Default: unaffected

affected from 0 to 5.9.0 (excl.)

Workarounds

build without ALPN support if ALPN is not required.

Solutions

apply the fix in wolfssl/wolfssl#9859 (or upgrade to a release that includes it).

Credits

Oleh Konko finder

References

Problem Types

CWE-125: out-of-bounds read CWE

CVE-2026-3547 PUBLISHED