PatchSiren

wolfSSL CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL wolfSSL CVE published 2026-04-09

CVE-2026-5194

## Summary

A critical vulnerability in wolfSSL allows ECDSA signature verification to accept digests smaller than cryptographically appropriate when EdDSA or ML-DSA is also enabled. Missing hash/digest size and OID checks permit undersized digests during ECDSA certificate verification, weakening authentication security when the CA public key is known.

## Technical Details

The flaw exists in wolfSSL's sign [truncated]

MEDIUM wolfSSL CVE published 2017-02-24

CVE-2017-6076

CVE-2017-6076 affects wolfSSL versions before 3.10.2. According to the published advisory text, the fp_mul_comba function can make it easier for a malicious user with access to view cache on a machine to extract RSA key information. The issue was published on 2017-02-24 and later NVD metadata confirms the fixed boundary at 3.10.2.