CVE-2026-5448

NameCVE-2026-5448
DescriptionX.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wolfssl (PTS)bullseye4.6.0+p1-0+deb11u2vulnerable
bookworm5.5.4-2+deb12u2vulnerable
trixie5.7.2-0.1+deb13u1vulnerable
forky, sid5.9.0-0.2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wolfsslsource(unstable)(unfixed)

Notes

https://github.com/wolfSSL/wolfssl/pull/10071
Fixed by (merge): https://github.com/wolfSSL/wolfssl/commit/4dc347082c9d7ac9968cd67f0a5f0438dea45b18 (v5.9.1-stable)
Search for package or bug name: Reporting problems