wolfSSL
diff --git a/‎.gitignore‎
Lines changed: 10 additions & 0 deletions b/‎.gitignore‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎Makefile.am‎
Lines changed: 66 additions & 0 deletions b/‎Makefile.am‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎advisories/records/CVE-2026-5501.json‎
Lines changed: 122 additions & 0 deletions b/‎advisories/records/CVE-2026-5501.json‎
Lines changed: 122 additions & 0 deletions
diff --git a/‎advisories/records/CVE-2026-5778.json‎
Lines changed: 122 additions & 0 deletions b/‎advisories/records/CVE-2026-5778.json‎
Lines changed: 122 additions & 0 deletions
diff --git a/‎advisories/vex-overlay.json‎
Lines changed: 21 additions & 0 deletions b/‎advisories/vex-overlay.json‎
Lines changed: 21 additions & 0 deletions
@@ -20,6 +20,16 @@ ctaocrypt/src/src/
 /_sbom_staging/
 /_bomsh.conf
 /bomsh_raw_logfile*
+
+# Generated advisory documents (produced by `make advisory` /
+# `scripts/gen-advisory`). Inputs under advisories/records/ and
+# advisories/vex-overlay.json are tracked; the generated out/ tree is not.
+/advisories/out/
+
+# Node deps pulled in only by the CSAF conformance check
+# (scripts/csaf_validate.mjs uses @secvisogram/csaf-validator-lib).
+/node_modules/
+/package-lock.json
 *.user
 !*-VS2022.vcxproj.user
 configure
 
@@ -490,6 +490,72 @@ uninstall-sbom:
 
 CLEANFILES += $(SBOM_CDX) $(SBOM_SPDX) $(SBOM_SPDX_TV)
 
+# Security advisory generation (CSAF 2.0 + CycloneDX 1.6 VEX)
+#
+# `make advisory` is a thin wrapper around scripts/gen-advisory: it feeds the
+# script the canonical advisory single-source-of-truth under advisories/ and is
+# byte-for-byte interchangeable with running the script by hand.  Equivalent
+# invocations:
+#
+#     make advisory
+#     python3 scripts/gen-advisory                       # uses the same defaults
+#     python3 scripts/gen-advisory \
+#         --records-dir advisories/records \
+#         --vex-overlay advisories/vex-overlay.json \
+#         --out-dir advisories/out
+#
+# Inputs  (tracked in git): advisories/records/CVE-*.json + advisories/vex-overlay.json
+# Outputs (build artifacts): advisories/out/CVE-*.{csaf,cdx}.json
+ADVISORY_RECORDS_DIR = $(srcdir)/advisories/records
+ADVISORY_OVERLAY     = $(srcdir)/advisories/vex-overlay.json
+ADVISORY_OUT_DIR     = $(abs_builddir)/advisories/out
+advisorydir          = $(datadir)/doc/$(PACKAGE)/advisories
+
+.PHONY: advisory install-advisory uninstall-advisory
+
+# Generate one CSAF + one CycloneDX VEX document per CVE record.  Honors
+# SOURCE_DATE_EPOCH for reproducible output (set from the last git commit when
+# unset and a git tree is available), exactly like `make sbom`.
+advisory:
+	@if test -z "$(PYTHON3)"; then \
+	    echo ""; \
+	    echo "ERROR: 'python3' not found in PATH. Cannot generate advisories."; \
+	    echo ""; \
+	    exit 1; \
+	fi
+	@set -e; \
+	if test -z "$${SOURCE_DATE_EPOCH:-}" && test -n "$(GIT)" && \
+	   $(GIT) -C "$(srcdir)" rev-parse --git-dir >/dev/null 2>&1; then \
+	    sde=`$(GIT) -C "$(srcdir)" log -1 --format=%ct 2>/dev/null`; \
+	    if test -n "$$sde"; then \
+	        SOURCE_DATE_EPOCH="$$sde"; \
+	        export SOURCE_DATE_EPOCH; \
+	    fi; \
+	fi; \
+	$(PYTHON3) $(srcdir)/scripts/gen-advisory \
+	    --records-dir $(ADVISORY_RECORDS_DIR) \
+	    --vex-overlay $(ADVISORY_OVERLAY) \
+	    --out-dir $(ADVISORY_OUT_DIR)
+
+install-advisory: advisory
+	$(MKDIR_P) $(DESTDIR)$(advisorydir)
+	@for f in $(ADVISORY_OUT_DIR)/*.json; do \
+	    echo " $(INSTALL_DATA) $$f $(DESTDIR)$(advisorydir)/"; \
+	    $(INSTALL_DATA) "$$f" $(DESTDIR)$(advisorydir)/; \
+	done
+
+uninstall-advisory:
+	-rm -f $(DESTDIR)$(advisorydir)/*.csaf.json
+	-rm -f $(DESTDIR)$(advisorydir)/*.cdx.json
+
+CLEANFILES += advisories/out/*.csaf.json advisories/out/*.cdx.json
+
+# Ship the advisory generator inputs in the dist tarball so a downstream
+# consumer can `./configure && make advisory` from a release.
+EXTRA_DIST += advisories/records/CVE-2026-5501.json \
+              advisories/records/CVE-2026-5778.json \
+              advisories/vex-overlay.json
+
 # Bomsh (OmniBOR build artifact tracing + SBOM enrichment)
 BOMSH_RAWLOG_BASE      = $(abs_builddir)/bomsh_raw_logfile
 BOMSH_RAWLOG           = $(BOMSH_RAWLOG_BASE).sha1
 
@@ -0,0 +1,122 @@
+{
+    "dataType": "CVE_RECORD",
+    "dataVersion": "5.2",
+    "cveMetadata": {
+        "cveId": "CVE-2026-5501",
+        "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
+        "state": "PUBLISHED",
+        "assignerShortName": "wolfSSL",
+        "dateReserved": "2026-04-03T15:46:09.302Z",
+        "datePublished": "2026-04-10T03:07:39.604Z",
+        "dateUpdated": "2026-04-22T13:59:28.514Z"
+    },
+    "containers": {
+        "cna": {
+            "providerMetadata": {
+                "orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
+                "shortName": "wolfSSL",
+                "dateUpdated": "2026-04-10T03:07:39.604Z"
+            },
+            "title": "Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates",
+            "problemTypes": [
+                {
+                    "descriptions": [
+                        {
+                            "lang": "en",
+                            "cweId": "CWE-295",
+                            "description": "CWE-295 Improper certificate validation",
+                            "type": "CWE"
+                        }
+                    ]
+                }
+            ],
+            "affected": [
+                {
+                    "vendor": "wolfSSL",
+                    "product": "wolfSSL",
+                    "modules": [
+                        "wolfSSL_X509_verify_cert"
+                    ],
+                    "programFiles": [
+                        "src/x509_str.c"
+                    ],
+                    "versions": [
+                        {
+                            "status": "affected",
+                            "version": "0",
+                            "lessThanOrEqual": "5.9.0",
+                            "versionType": "semver"
+                        }
+                    ],
+                    "defaultStatus": "unaffected"
+                }
+            ],
+            "descriptions": [
+                {
+                    "lang": "en",
+                    "value": "wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.",
+                    "supportingMedia": [
+                        {
+                            "type": "text/html",
+                            "base64": false,
+                            "value": "wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy."
+                        }
+                    ]
+                }
+            ],
+            "references": [
+                {
+                    "url": "https://github.com/wolfSSL/wolfssl/pull/10102"
+                }
+            ],
+            "metrics": [
+                {
+                    "format": "CVSS",
+                    "scenarios": [
+                        {
+                            "lang": "en",
+                            "value": "GENERAL"
+                        }
+                    ],
+                    "cvssV4_0": {
+                        "attackVector": "NETWORK",
+                        "attackComplexity": "LOW",
+                        "attackRequirements": "NONE",
+                        "privilegesRequired": "LOW",
+                        "userInteraction": "NONE",
+                        "vulnConfidentialityImpact": "HIGH",
+                        "subConfidentialityImpact": "NONE",
+                        "vulnIntegrityImpact": "HIGH",
+                        "subIntegrityImpact": "NONE",
+                        "vulnAvailabilityImpact": "NONE",
+                        "subAvailabilityImpact": "NONE",
+                        "exploitMaturity": "NOT_DEFINED",
+                        "Safety": "NOT_DEFINED",
+                        "Automatable": "NOT_DEFINED",
+                        "Recovery": "NOT_DEFINED",
+                        "valueDensity": "NOT_DEFINED",
+                        "vulnerabilityResponseEffort": "NOT_DEFINED",
+                        "providerUrgency": "NOT_DEFINED",
+                        "version": "4.0",
+                        "baseSeverity": "HIGH",
+                        "baseScore": 8.6,
+                        "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
+                    }
+                }
+            ],
+            "credits": [
+                {
+                    "lang": "en",
+                    "value": "Calif.io in collaboration with Claude and Anthropic Research",
+                    "type": "finder"
+                }
+            ],
+            "source": {
+                "discovery": "EXTERNAL"
+            },
+            "x_generator": {
+                "engine": "Vulnogram 1.0.1"
+            }
+        }
+    }
+}
@@ -0,0 +1,122 @@
+{
+    "dataType": "CVE_RECORD",
+    "dataVersion": "5.2",
+    "cveMetadata": {
+        "cveId": "CVE-2026-5778",
+        "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
+        "state": "PUBLISHED",
+        "assignerShortName": "wolfSSL",
+        "dateReserved": "2026-04-08T08:25:15.400Z",
+        "datePublished": "2026-04-09T21:45:09.053Z",
+        "dateUpdated": "2026-04-10T13:53:29.181Z"
+    },
+    "containers": {
+        "cna": {
+            "providerMetadata": {
+                "orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
+                "shortName": "wolfSSL",
+                "dateUpdated": "2026-04-09T21:45:09.053Z"
+            },
+            "title": "Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.",
+            "problemTypes": [
+                {
+                    "descriptions": [
+                        {
+                            "lang": "en",
+                            "cweId": "CWE-191",
+                            "description": "CWE-191 Integer underflow (wrap or wraparound)",
+                            "type": "CWE"
+                        }
+                    ]
+                }
+            ],
+            "affected": [
+                {
+                    "vendor": "wolfSSL",
+                    "product": "wolfSSL",
+                    "modules": [
+                        "Packet sniffer"
+                    ],
+                    "programFiles": [
+                        "src/sniffer.c"
+                    ],
+                    "versions": [
+                        {
+                            "status": "affected",
+                            "version": "0",
+                            "lessThanOrEqual": "5.9.0",
+                            "versionType": "semver"
+                        }
+                    ],
+                    "defaultStatus": "unaffected"
+                }
+            ],
+            "descriptions": [
+                {
+                    "lang": "en",
+                    "value": "Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing a large out-of-bounds read and crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.",
+                    "supportingMedia": [
+                        {
+                            "type": "text/html",
+                            "base64": false,
+                            "value": "Integer underflow in wolfSSL packet sniffer &lt;= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing a large out-of-bounds read and crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records."
+                        }
+                    ]
+                }
+            ],
+            "references": [
+                {
+                    "url": "https://github.com/wolfSSL/wolfssl/pull/10125"
+                }
+            ],
+            "metrics": [
+                {
+                    "format": "CVSS",
+                    "scenarios": [
+                        {
+                            "lang": "en",
+                            "value": "GENERAL"
+                        }
+                    ],
+                    "cvssV4_0": {
+                        "attackVector": "NETWORK",
+                        "attackComplexity": "LOW",
+                        "attackRequirements": "PRESENT",
+                        "privilegesRequired": "LOW",
+                        "userInteraction": "PASSIVE",
+                        "vulnConfidentialityImpact": "NONE",
+                        "subConfidentialityImpact": "NONE",
+                        "vulnIntegrityImpact": "NONE",
+                        "subIntegrityImpact": "NONE",
+                        "vulnAvailabilityImpact": "LOW",
+                        "subAvailabilityImpact": "NONE",
+                        "exploitMaturity": "NOT_DEFINED",
+                        "Safety": "NOT_DEFINED",
+                        "Automatable": "NOT_DEFINED",
+                        "Recovery": "NOT_DEFINED",
+                        "valueDensity": "NOT_DEFINED",
+                        "vulnerabilityResponseEffort": "NOT_DEFINED",
+                        "providerUrgency": "NOT_DEFINED",
+                        "version": "4.0",
+                        "baseSeverity": "LOW",
+                        "baseScore": 2.1,
+                        "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
+                    }
+                }
+            ],
+            "credits": [
+                {
+                    "lang": "en",
+                    "value": "Zou Dikai",
+                    "type": "finder"
+                }
+            ],
+            "source": {
+                "discovery": "EXTERNAL"
+            },
+            "x_generator": {
+                "engine": "Vulnogram 1.0.1"
+            }
+        }
+    }
+}
@@ -0,0 +1,21 @@
+{
+  "_comment": "Canonical wolfSSL VEX overlay consumed by `make advisory` / `scripts/gen-advisory`. Keyed by CVE id; carries the determinations the CVE Program record cannot express (analysis state, justification, fixed versions, remediation, optional FIPS product, optional build-reachability hedge). Constrained by scripts/advisory-vex-overlay.schema.json. To model a wolfCrypt FIPS module as a separate product, add a \"fips\" block per the format in scripts/advisory-vex-overlay.example.json using the real validated module version and CMVP certificate number (do NOT copy the illustrative placeholder values from the example).",
+
+  "CVE-2026-5501": {
+    "state": "exploitable",
+    "response": ["update"],
+    "detail": "Limited to applications using the OpenSSL compatibility API directly (wolfSSL_X509_verify_cert), such as nginx and haproxy integrations. The native wolfSSL TLS handshake path (ProcessPeerCerts) is not susceptible.",
+    "fixed_versions": ["5.9.1"],
+    "remediation": "Update to wolfSSL 5.9.1 or later, or avoid relying on wolfSSL_X509_verify_cert in the OpenSSL compatibility layer for chain validation."
+  },
+
+  "CVE-2026-5778": {
+    "state": "exploitable",
+    "response": ["update"],
+    "detail": "Integer underflow in the ChaCha20-Poly1305 decryption path of the packet sniffer.",
+    "requires_defines": ["WOLFSSL_SNIFFER", "HAVE_CHACHA", "HAVE_POLY1305"],
+    "default_status": "off",
+    "fixed_versions": ["5.9.1"],
+    "remediation": "Update to wolfSSL 5.9.1 or later. Builds without --enable-sniffer are not affected."
+  }
+}