Medium severity5.3NVD Advisory· Published Mar 19, 2026· Updated Apr 29, 2026
CVE-2026-1005
CVE-2026-1005
Description
Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/wolfSSL/wolfssl/pull/9571nvdIssue TrackingPatch
News mentions
0No linked articles in our index yet.