VDB
CVE-2026-3229
CVE-2026-3229
PUBLISHED
CVSS 1.2000000476837158 LOW
An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these API: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. These API are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-haproxy. This issue is not remotely exploitable, and would require that the application context loading certificates is compromised.
EPSS 0.02% · 4.5th percentile
Risk Scores
CVSS v4.0
1.2000000476837158
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
EPSS Score
0.02%
4.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wolfssl | wolfssl | 0, 0, 0 |
| wofSSL | wolfSSL | 0, 0, 0 |
Timeline
- Mar 19, 2026 CVE Published
- Mar 20, 2026 EPSS Score
- Mar 20, 2026 CVE Updated
- Mar 21, 2026 EPSS Score
- Mar 22, 2026 EPSS Score
- Mar 22, 2026 Coalition ESS Score
- Mar 23, 2026 EPSS Score
- Mar 24, 2026 EPSS Score
- Mar 25, 2026 EPSS Score
- Mar 29, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score