Unrated severityNVD Advisory· Published Mar 19, 2026· Updated Mar 21, 2026

wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation

CVE-2026-3547

Description

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.

Affected products

WolfSSL/Wolfsslllm-fuzzy2 versions
<=5.8.4+ 1 more
- (no CPE)range: <=5.8.4
- (no CPE)range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wolfSSL/wolfssl/pull/9859mitrepatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000