{"id":"CVE-2026-12340","summary":"Out-of-bounds heap read in SM2/SM3 certificate Subject Key Identifier computation","details":"Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65 bytes results in an out-of-bounds heap read, leading to a potential crash (denial of service); there is no out-of-bounds write. Note this only affects builds with SM2 support (--enable-sm2 or --enable-all).","modified":"2026-07-16T03:48:15.492485617Z","published":"2026-06-25T19:36:21.468Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/12xxx/CVE-2026-12340.json","cna_assigner":"wolfSSL","cwe_ids":["CWE-125"]},"references":[{"type":"WEB","url":"https://www.wolfssl.com/docs/security-vulnerabilities/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/12xxx/CVE-2026-12340.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-12340"},{"type":"FIX","url":"https://github.com/wolfSSL/wolfssl/pull/10641"},{"type":"PACKAGE","url":"https://github.com/wolfSSL/wolfssl"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wolfssl/wolfssl","events":[{"introduced":"37884f864d6fd9b04f44677cb04da15d0c9d6526"},{"fixed":"ac01707f552c611fbd135cc723b2682b3e7f80f2"}],"database_specific":{"source":["AFFECTED_FIELD","CPE_RANGE"],"cpe":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"5.6.4"},{"last_affected":"5.9.1"},{"fixed":"5.9.2"}]}}],"versions":["v5.9.1-stable","v5.9.0-stable","v5.8.4-stable","wolfEntropy2d","v5.8.2-stable","wolfEntropy1","v5.8.0-stable","v5.7.6-stable","v5.7.4-stable","v5.2.1","v5.7.2-stable","v5.7.0-stable","v5.6.6-stable","v5.6.4-stable"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-12340.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}]}