CVE-2026-3849 | wolfSSL up to 5.8.4 ECH wc_HpkeLabeledExtract out-of-bounds write

Inserito da Angelo Barbosa | Mar 20, 2026 | CVE

A vulnerability, which was classified as critical, has been found in wolfSSL up to 5.8.4. This affects the function wc_HpkeLabeledExtract of the component ECH Handler. This manipulation causes out-of-bounds write.

This vulnerability appears as CVE-2026-3849. The attack may be initiated remotely. There is no available exploit.

It is suggested to install a patch to address this issue.

CVE-2026-3849 | wolfSSL up to 5.8.4 ECH wc_HpkeLabeledExtract out-of-bounds write

Post correlati

CVE-2023-34054 | VMware Spring Reactor Netty up to 1.0.38/1.1.12 HTTP denial of service

CVE-2024-54523 | Apple watchOS memory corruption

CVE-2024-49227 | Innovaweb Free Stock Photos Foter Plugin up to 1.5.4 on WordPress deserialization

CVE-2025-13434 | jameschz Hush Framework 2.0 HTTP Host Header Util.php $_SERVER[‘HOST’] http headers for scripting syntax