{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-5448","assignerOrgId":"50d2cd11-d01a-48ed-9441-5bfce9d63b27","state":"PUBLISHED","assignerShortName":"wolfSSL","dateReserved":"2026-04-02T20:24:47.039Z","datePublished":"2026-04-09T23:18:15.780Z","dateUpdated":"2026-04-10T13:51:56.742Z"},"containers":{"cna":{"providerMetadata":{"orgId":"50d2cd11-d01a-48ed-9441-5bfce9d63b27","shortName":"wolfSSL","dateUpdated":"2026-04-09T23:18:15.780Z"},"title":"1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-122","description":"CWE-122 Heap-based Buffer Overflow","type":"CWE"}]}],"affected":[{"vendor":"wolfSSL","product":"wolfSSL","repo":"https://github.com/wolfSSL/wolfssl","versions":[{"status":"affected","version":"0","lessThan":"5.9.1","versionType":"server"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL.</p>"}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10071"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"GREEN","version":"4.0","baseSeverity":"LOW","baseScore":2.3,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Green"}}],"credits":[{"lang":"en","value":"Sunwoo Lee, Korea Institute of Energy Technology (KENTECH)","type":"finder"},{"lang":"en","value":"Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH)","type":"finder"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.1"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-10T13:51:49.237675Z","id":"CVE-2026-5448","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-10T13:51:56.742Z"}}]}}