{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78838?format=json","vulnerability_id":"VCID-n82v-xc94-gqf2","summary":"Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.","aliases":[{"alias":"CVE-2026-1005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116295?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.0-r0?arch=aarch64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.0-r0%3Farch=aarch64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/116296?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.0-r0?arch=armhf&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.0-r0%3Farch=armhf&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/116297?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.0-r0?arch=armv7&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.0-r0%3Farch=armv7&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/116298?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.0-r0?arch=loongarch64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.0-r0%3Farch=loongarch64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/116299?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.0-r0?arch=ppc64le&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.0-r0%3Farch=ppc64le&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/116300?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.0-r0?arch=riscv64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.0-r0%3Farch=riscv64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/116301?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.0-r0?arch=s390x&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.0-r0%3Farch=s390x&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/116303?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.0-r0?arch=x86_64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.0-r0%3Farch=x86_64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/116302?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.0-r0?arch=x86&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.0-r0%3Farch=x86&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/118748?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.1-r0?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.1-r0%3Farch=aarch64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/118749?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.1-r0?arch=armhf&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.1-r0%3Farch=armhf&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/118750?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.1-r0?arch=armv7&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.1-r0%3Farch=armv7&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/118751?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.1-r0?arch=loongarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.1-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/118752?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.1-r0?arch=ppc64le&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.1-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/118753?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.1-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/118754?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.1-r0?arch=s390x&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.1-r0%3Farch=s390x&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/118756?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.1-r0?arch=x86_64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.1-r0%3Farch=x86_64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/118755?format=json","purl":"pkg:apk/alpine/wolfssl@5.9.1-r0?arch=x86&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.9.1-r0%3Farch=x86&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/107509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107480?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/107479?format=json","purl":"pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cpy-8cfg-m7by"},{"vulnerability":"VCID-3t6f-4338-2ufb"},{"vulnerability":"VCID-4kqw-4h4n-1kh1"},{"vulnerability":"VCID-5fxd-yhdh-93c3"},{"vulnerability":"VCID-5rh9-apbs-h3h3"},{"vulnerability":"VCID-5t9e-3e1y-x3gq"},{"vulnerability":"VCID-5uj4-cczj-k3br"},{"vulnerability":"VCID-6s5y-9ebe-g3fg"},{"vulnerability":"VCID-8cky-7dxn-q3gn"},{"vulnerability":"VCID-9r5u-7n3h-kuhf"},{"vulnerability":"VCID-ahuu-nu9f-v7h6"},{"vulnerability":"VCID-bcmv-4zxw-p3gz"},{"vulnerability":"VCID-cgfe-yefp-p3hf"},{"vulnerability":"VCID-cwum-6frr-jkcu"},{"vulnerability":"VCID-d53m-u8a8-j3dw"},{"vulnerability":"VCID-dmpm-jrvj-dfe9"},{"vulnerability":"VCID-dvxj-cpr2-dqfq"},{"vulnerability":"VCID-e6n7-fdre-gqbp"},{"vulnerability":"VCID-esbj-656n-qff2"},{"vulnerability":"VCID-fmtg-ud6q-hqdh"},{"vulnerability":"VCID-g2kr-25e3-jff3"},{"vulnerability":"VCID-gcw5-nqf5-c3g3"},{"vulnerability":"VCID-gfcx-vysg-nqde"},{"vulnerability":"VCID-grds-ffsq-dkg8"},{"vulnerability":"VCID-gtqk-pj1r-f7fy"},{"vulnerability":"VCID-j747-p6qq-zff9"},{"vulnerability":"VCID-jvt4-vdz2-53f7"},{"vulnerability":"VCID-jzhy-drxb-xuca"},{"vulnerability":"VCID-ktww-nfwa-s3a1"},{"vulnerability":"VCID-mwtq-ctz8-vygv"},{"vulnerability":"VCID-n1eq-1t8y-8qg6"},{"vulnerability":"VCID-n82v-xc94-gqf2"},{"vulnerability":"VCID-nctg-w5ay-jqaa"},{"vulnerability":"VCID-pjhe-euye-1uck"},{"vulnerability":"VCID-q4qr-d5rm-q3dn"},{"vulnerability":"VCID-qb2p-81us-s7gh"},{"vulnerability":"VCID-rhdd-gnfj-qbcm"},{"vulnerability":"VCID-s7df-gz2p-3kb5"},{"vulnerability":"VCID-ss2x-qr7v-k7cy"},{"vulnerability":"VCID-sur7-4jwh-5bew"},{"vulnerability":"VCID-t1t2-esy1-u7cu"},{"vulnerability":"VCID-t44y-2qrf-3uah"},{"vulnerability":"VCID-tav9-1pth-2qc8"},{"vulnerability":"VCID-tzqp-bbba-skcy"},{"vulnerability":"VCID-u28v-ghu2-57hb"},{"vulnerability":"VCID-uabc-8bk1-f3gj"},{"vulnerability":"VCID-ucxr-u4qd-3qf6"},{"vulnerability":"VCID-urnp-9f8c-gqfb"},{"vulnerability":"VCID-ux6x-sdfm-63d5"},{"vulnerability":"VCID-vn8z-tsnh-1yd3"},{"vulnerability":"VCID-vuu8-zbbs-hqar"},{"vulnerability":"VCID-vw28-tt5y-qkgz"},{"vulnerability":"VCID-w78b-1t7y-6kex"},{"vulnerability":"VCID-wa7e-xast-t3dv"},{"vulnerability":"VCID-wpxx-p3cu-tqhx"},{"vulnerability":"VCID-xc3b-jpen-q3h4"},{"vulnerability":"VCID-z1d5-7eje-nfcp"},{"vulnerability":"VCID-zhqa-43p5-vkfb"},{"vulnerability":"VCID-ztr5-x7m4-d7e6"},{"vulnerability":"VCID-zw7v-pke6-xqcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107477?format=json","purl":"pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cpy-8cfg-m7by"},{"vulnerability":"VCID-3t6f-4338-2ufb"},{"vulnerability":"VCID-4kqw-4h4n-1kh1"},{"vulnerability":"VCID-5fxd-yhdh-93c3"},{"vulnerability":"VCID-5rh9-apbs-h3h3"},{"vulnerability":"VCID-5t9e-3e1y-x3gq"},{"vulnerability":"VCID-5uj4-cczj-k3br"},{"vulnerability":"VCID-6s5y-9ebe-g3fg"},{"vulnerability":"VCID-8cky-7dxn-q3gn"},{"vulnerability":"VCID-9r5u-7n3h-kuhf"},{"vulnerability":"VCID-ahuu-nu9f-v7h6"},{"vulnerability":"VCID-bcmv-4zxw-p3gz"},{"vulnerability":"VCID-cgfe-yefp-p3hf"},{"vulnerability":"VCID-cwum-6frr-jkcu"},{"vulnerability":"VCID-d53m-u8a8-j3dw"},{"vulnerability":"VCID-dmpm-jrvj-dfe9"},{"vulnerability":"VCID-dvxj-cpr2-dqfq"},{"vulnerability":"VCID-e6n7-fdre-gqbp"},{"vulnerability":"VCID-esbj-656n-qff2"},{"vulnerability":"VCID-fmtg-ud6q-hqdh"},{"vulnerability":"VCID-g2kr-25e3-jff3"},{"vulnerability":"VCID-gcw5-nqf5-c3g3"},{"vulnerability":"VCID-grds-ffsq-dkg8"},{"vulnerability":"VCID-gtqk-pj1r-f7fy"},{"vulnerability":"VCID-j747-p6qq-zff9"},{"vulnerability":"VCID-jvt4-vdz2-53f7"},{"vulnerability":"VCID-jzhy-drxb-xuca"},{"vulnerability":"VCID-ktww-nfwa-s3a1"},{"vulnerability":"VCID-mwtq-ctz8-vygv"},{"vulnerability":"VCID-n1eq-1t8y-8qg6"},{"vulnerability":"VCID-n82v-xc94-gqf2"},{"vulnerability":"VCID-nctg-w5ay-jqaa"},{"vulnerability":"VCID-pjhe-euye-1uck"},{"vulnerability":"VCID-q4qr-d5rm-q3dn"},{"vulnerability":"VCID-qb2p-81us-s7gh"},{"vulnerability":"VCID-rhdd-gnfj-qbcm"},{"vulnerability":"VCID-s7df-gz2p-3kb5"},{"vulnerability":"VCID-ss2x-qr7v-k7cy"},{"vulnerability":"VCID-sur7-4jwh-5bew"},{"vulnerability":"VCID-t1t2-esy1-u7cu"},{"vulnerability":"VCID-t44y-2qrf-3uah"},{"vulnerability":"VCID-tav9-1pth-2qc8"},{"vulnerability":"VCID-tzqp-bbba-skcy"},{"vulnerability":"VCID-u28v-ghu2-57hb"},{"vulnerability":"VCID-uabc-8bk1-f3gj"},{"vulnerability":"VCID-ucxr-u4qd-3qf6"},{"vulnerability":"VCID-urnp-9f8c-gqfb"},{"vulnerability":"VCID-ux6x-sdfm-63d5"},{"vulnerability":"VCID-vn8z-tsnh-1yd3"},{"vulnerability":"VCID-vw28-tt5y-qkgz"},{"vulnerability":"VCID-wa7e-xast-t3dv"},{"vulnerability":"VCID-wpxx-p3cu-tqhx"},{"vulnerability":"VCID-xc3b-jpen-q3h4"},{"vulnerability":"VCID-z1d5-7eje-nfcp"},{"vulnerability":"VCID-zhqa-43p5-vkfb"},{"vulnerability":"VCID-ztr5-x7m4-d7e6"},{"vulnerability":"VCID-zw7v-pke6-xqcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107481?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cpy-8cfg-m7by"},{"vulnerability":"VCID-3t6f-4338-2ufb"},{"vulnerability":"VCID-4kqw-4h4n-1kh1"},{"vulnerability":"VCID-5fxd-yhdh-93c3"},{"vulnerability":"VCID-5t9e-3e1y-x3gq"},{"vulnerability":"VCID-5uj4-cczj-k3br"},{"vulnerability":"VCID-6s5y-9ebe-g3fg"},{"vulnerability":"VCID-8cky-7dxn-q3gn"},{"vulnerability":"VCID-9r5u-7n3h-kuhf"},{"vulnerability":"VCID-ahuu-nu9f-v7h6"},{"vulnerability":"VCID-bcmv-4zxw-p3gz"},{"vulnerability":"VCID-cgfe-yefp-p3hf"},{"vulnerability":"VCID-cwum-6frr-jkcu"},{"vulnerability":"VCID-d53m-u8a8-j3dw"},{"vulnerability":"VCID-dmpm-jrvj-dfe9"},{"vulnerability":"VCID-e6n7-fdre-gqbp"},{"vulnerability":"VCID-esbj-656n-qff2"},{"vulnerability":"VCID-g2kr-25e3-jff3"},{"vulnerability":"VCID-j747-p6qq-zff9"},{"vulnerability":"VCID-jzhy-drxb-xuca"},{"vulnerability":"VCID-ktww-nfwa-s3a1"},{"vulnerability":"VCID-mwtq-ctz8-vygv"},{"vulnerability":"VCID-n82v-xc94-gqf2"},{"vulnerability":"VCID-nctg-w5ay-jqaa"},{"vulnerability":"VCID-pjhe-euye-1uck"},{"vulnerability":"VCID-q4qr-d5rm-q3dn"},{"vulnerability":"VCID-qb2p-81us-s7gh"},{"vulnerability":"VCID-rhdd-gnfj-qbcm"},{"vulnerability":"VCID-s7df-gz2p-3kb5"},{"vulnerability":"VCID-ss2x-qr7v-k7cy"},{"vulnerability":"VCID-sur7-4jwh-5bew"},{"vulnerability":"VCID-t1t2-esy1-u7cu"},{"vulnerability":"VCID-t44y-2qrf-3uah"},{"vulnerability":"VCID-tav9-1pth-2qc8"},{"vulnerability":"VCID-tzqp-bbba-skcy"},{"vulnerability":"VCID-uabc-8bk1-f3gj"},{"vulnerability":"VCID-ucxr-u4qd-3qf6"},{"vulnerability":"VCID-urnp-9f8c-gqfb"},{"vulnerability":"VCID-ux6x-sdfm-63d5"},{"vulnerability":"VCID-vn8z-tsnh-1yd3"},{"vulnerability":"VCID-vw28-tt5y-qkgz"},{"vulnerability":"VCID-wa7e-xast-t3dv"},{"vulnerability":"VCID-xc3b-jpen-q3h4"},{"vulnerability":"VCID-z1d5-7eje-nfcp"},{"vulnerability":"VCID-zhqa-43p5-vkfb"},{"vulnerability":"VCID-zw7v-pke6-xqcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1005","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23294","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1005"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9571","reference_id":"9571","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:19:54Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9571"}],"weaknesses":[{"cwe_id":191,"name":"Integer Underflow (Wrap or Wraparound)","description":"The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result."}],"exploits":[],"severity_range_score":"2.1 - 2.1","exploitability":"0.5","weighted_severity":"1.9","risk_score":0.9,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n82v-xc94-gqf2"}