DEBIAN-CVE-2026-0819

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAXSIGNEDATTRIBSSZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSLSMALLSTACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wcPKCS7_EncodeSignedData() or related signing functions.