Use of the wolfSSL Vulnerability Report Template is mandatory. All security
reports must use SECURITY-REPORT-TEMPLATE.md,
with every required field completed. Reports that do not use the template, or
that leave required fields incomplete, will not receive CVE consideration.
Submit the completed template to support@wolfssl.com. You may also send it to secure@wolfssl.com and encrypt it with our PGP key:
Fingerprint: A2A4 8E7B CB96 C5BE CB98 7314 EBC8 0E41 5CA2 9677
Key server: keys.openpgp.org
Non-template submissions may still be reviewed on the merits and, where appropriate, addressed as hardening fixes in a future release.
Please keep the vulnerability private until a fix has been released.
For the full policy — severity rubric, scope, coordinated-disclosure practice,
and reporter credit — see SECURITY-POLICY.md. The same
policy is also published at
https://www.wolfssl.com/.well-known/vulnerability-disclosure-policy.txt so that
other wolfSSL repositories can reference one canonical copy.