GHSA-6q89-vxvr-wgv2LowCVSS 5.3

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing...

Published
June 25, 2026
Last Modified
June 27, 2026

🔗 CVE IDs covered (1)

📋 Description

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

🔗 References (4)