ГлавнаяУязвимости → CVE-2026-3549
9.8критическая

CVE-2026-3549

Описание

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.

Затрагиваемое ПО
Wolfssl Wolfssl
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/wolfSSL/wolfssl/pull/9817