Unrated severityNVD Advisory· Published Mar 19, 2026· Updated Mar 24, 2026
ECH parsing heap buffer overflow
CVE-2026-3549
Description
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- wofSSL/wolfSSLv5Range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.