GHSA-h6gc-rmv2-74g6MediumCVSS 9.1

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData....

Published
June 25, 2026
Last Modified
June 26, 2026

🔗 CVE IDs covered (1)

📋 Description

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

🔗 References (4)