{"id":"CVE-2026-0930","summary":"Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize","details":"Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.","modified":"2026-07-08T08:12:21.984645226Z","published":"2026-04-20T21:28:33.227Z","database_specific":{"cwe_ids":["CWE-126"],"cna_assigner":"wolfSSL","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/0xxx/CVE-2026-0930.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/0xxx/CVE-2026-0930.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0930"},{"type":"FIX","url":"https://github.com/wolfssl/wolfssh/pull/846"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wolfssl/wolfssh","events":[{"introduced":"60a29602e5893fd4e2ca0f4b6e2e05c6324154ed"},{"fixed":"8643d7be841184f766374e3b0ed68ced6391543c"}],"database_specific":{"extracted_events":[{"introduced":"1.4.15"},{"fixed":"1.5.0"}],"cpe":"cpe:2.3:a:wolfssh:wolfssh:*:*:*:*:*:*:*:*","source":["AFFECTED_FIELD","CPE_RANGE"]}}],"versions":["v1.4.22-stable","v1.4.21-stable","v1.4.20-stable","v1.4.19-stable","v1.4.18-stable","v1.4.17-stable","v1.4.15-stable","v1.4.16"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0930.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"}]}