Vulnerabilities

CVE-2026-3549

by Fred · 19/03/2026

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.

More information : https://github.com/wolfSSL/wolfssl/pull/9817

Similar

Tags: Cybersecurity Alert