CVE-2026-0930 - Vulnerability Details - OpenCVE

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/wolfssl/wolfssh/pull/846

History

Mon, 20 Apr 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.
Title		Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize
Weaknesses		CWE-126
References		https://github.com/wolfssl/wolfssh/pull/846
Metrics		cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published: 2026-04-20T21:28:33.227Z

Updated: 2026-04-20T21:28:33.227Z

Reserved: 2026-01-13T23:45:50.452Z

Link: CVE-2026-0930

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-20T22:16:23.210

Modified: 2026-04-20T22:16:23.210

Link: CVE-2026-0930

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0930", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2026-01-13T23:45:50.452Z", "datePublished": "2026-04-20T21:28:33.227Z", "dateUpdated": "2026-04-20T21:28:33.227Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-04-20T21:28:33.227Z"}, "title": "Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-126", "description": "CWE-126 Buffer over-read", "type": "CWE"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSH", "versions": [{"status": "affected", "version": "1.4.15", "lessThan": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Potential read out of bounds case with wolfSSHd on\u00a0Windows while handling a terminal resize request. An authenticated user could\u00a0trigger the out of bounds read after establishing a connection which would\u00a0leak the adjacent stack memory to the pseudo-console output.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Potential read out of bounds case with wolfSSHd on <span>Windows while handling a terminal resize request. An authenticated user could</span><span> </span><span>trigger the out of bounds read after establishing a connection which would</span><span> </span><span>leak the adjacent stack memory to the pseudo-console output.</span></p>"}]}], "references": [{"url": "https://github.com/wolfssl/wolfssh/pull/846"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "LOW", "baseScore": 2.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Luigino Camastra", "type": "finder"}, {"lang": "en", "value": "Pavel Kohout", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Potential read out of bounds case with wolfSSHd on\u00a0Windows while handling a terminal resize request. An authenticated user could\u00a0trigger the out of bounds read after establishing a connection which would\u00a0leak the adjacent stack memory to the pseudo-console output."}], "id": "CVE-2026-0930", "lastModified": "2026-04-20T22:16:23.210", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2026-04-20T22:16:23.210", "references": [{"source": "facts@wolfssl.com", "url": "https://github.com/wolfssl/wolfssh/pull/846"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-126"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}