CVE-2026-4395 PUBLISHED

Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path

Assigner: wolfSSL
Reserved: 18.03.2026 Published: 19.03.2026 Updated: 19.03.2026

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:L/U:Amber
CVSS Score: 1.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	Low	Confidentiality	None
Attack Complexity	Low	Integrity	Low	Integrity	None
Attack Requirements	Present	Availability	Low	Availability	None
Privileges Required	None
User Interaction	Passive

CVSS 4.0

Product Status

Vendor	wolfSSL
Product	wolfssl
Versions	Default: unaffected affected from 0 to 5.8.4 (incl.)

Workarounds

Build wolfSSL without WOLFSSL_KCAPI_ECC (this define is not enabled by default).

Solutions

Update to the wolfSSL version containing the fix from PR #9988, which adds a bounds check on inLen before the XMEMCPY to pubkey_raw in the KCAPI ECC code path.

Credits

Haruto Kimura (Stella) finder

References

https://github.com/wolfSSL/wolfssl/pull/9988

Problem Types

CWE-122 Heap-based Buffer Overflow CWE

Impacts

CAPEC-100 Overflow Buffers