UBUNTU-CVE-2026-5504

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-5504

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5504.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-5504

Upstream

CVE-2026-5504

Published

2026-04-09T23:17:00Z

Modified

2026-05-20T16:26:41.163155013Z

Severity

6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.

References

Affected packages

Ubuntu:16.04:LTS

wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.8+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.4.8+dfsg-1",
            "binary_name": "libcyassl5"
        },
        {
            "binary_version": "3.4.8+dfsg-1",
            "binary_name": "libwolfssl0"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5504.json"

Ubuntu:18.04:LTS

wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.10.2+dfsg-2

3.12.0+dfsg-1

3.12.2+dfsg-1

3.13.0+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.13.0+dfsg-1",
            "binary_name": "libwolfssl15"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5504.json"

Ubuntu:20.04:LTS

wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.0+dfsg-2

4.2.0+dfsg-1

4.2.0+dfsg-2

4.2.0+dfsg-3

4.3.0+dfsg-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.3.0+dfsg-2",
            "binary_name": "libwolfssl24"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5504.json"

Ubuntu:22.04:LTS

wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.6.0-3

5.*

5.0.0-1

5.1.1-1

5.2.0-1

5.2.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.2.0-2",
            "binary_name": "libwolfssl32"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5504.json"

Ubuntu:24.04:LTS

wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.4-2

5.5.4-2.1

5.6.4-2

5.6.6-1.2

5.6.6-1.3

5.6.6-1.3build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.6.6-1.3build1",
            "binary_name": "libwolfssl42t64"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5504.json"

Ubuntu:25.10

wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.7.2-0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.7.2-0.1",
            "binary_name": "libwolfssl42t64"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5504.json"

Ubuntu:26.04:LTS

wolfssl

Package

Name: wolfssl
Purl: pkg:deb/ubuntu/wolfssl?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.7.2-0.1

5.8.2-1.2

5.8.4-1

5.9.1-0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.9.1-0.1",
            "binary_name": "libwolfssl44"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5504.json"