CVE-2026-5264 PUBLISHED

DTLS 1.3 ACK heap buffer overflow

Assigner: wolfSSL
Reserved: 31.03.2026 Published: 09.04.2026 Updated: 10.04.2026

Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.3

Product Status

Vendor: wolfSSL
Product: wolfSSL
Versions: Default: unaffected
  • affected from 0 to 5.9.1 (excl.)

Credits

  • Sunwoo Lee, Korea Institute of Energy Technology (KENTECH) (finder)
  • Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH) (finder)

Problem Types

  • CWE-122: Heap-based Buffer Overflow