Security Advisory

CVE-2026-3549

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-19 20:09:27

Last updated 2026-03-24 01:38:13

Assigner wolfSSL

State PUBLISHED

Description

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.

← Browse all CVEs View on cve.org ↗