SunwooLee programsurf

Sunwoo Lee

Ph.D. Researcher @ KENTECH · Post-Quantum Cryptography · AI agent Security

CVE Discoveries

CVE-2026-5264 — wolfSSL DTLS 1.3 ACK heap buffer overflow (High, CWE-122)
CVE-2026-5295 — wolfSSL PKCS7 ORI OID stack buffer overflow (High, CWE-121)
CVE-2026-5393 — wolfSSL dual-algorithm CertificateVerify out-of-bounds read (Medium, CWE-125, Experimental; test credit)
CVE-2026-5448 — wolfSSL X.509 date buffer overflow in notAfter/notBefore compatibility API (Low, CWE-120)
CVE-2026-5504 — wolfSSL PKCS7 CBC padding oracle via unvalidated interior padding bytes (Medium, CWE-354)
CVE-2026-5507 — wolfSSL session cache arbitrary free via unvalidated deserialized pointer (Medium, CWE-761)
CVE-2026-34610 — leancrypto X.509 integer truncation enabling CN identity impersonation (CVSS 5.9, CWE-681)
CVE-2026-34981 — whisperX-FastAPI SSRF via unvalidated URL fetch with extension bypass (CVSS 5.8, CWE-918)
CVE-2026-35483 — text-generation-webui path traversal in load_template() leaks .jinja/.yaml files (CVSS 5.3, CWE-22)
CVE-2026-35484 — text-generation-webui path traversal in load_preset() leaks arbitrary .yaml files (CVSS 5.3, CWE-22)
CVE-2026-35485 — text-generation-webui path traversal in load_grammar() leaks arbitrary files (CVSS 7.5, CWE-22)
CVE-2026-35486 — text-generation-webui SSRF in superbooga RAG extensions enables cloud credential theft (CVSS 7.5, CWE-918)
CVE-2026-35487 — text-generation-webui path traversal in load_prompt() leaks arbitrary .txt files (CVSS 5.3, CWE-22)

Bug Reports

Microsoft SymCrypt #55 — ML-DSA UINT16 signing counter wrap causes nonce reuse (also reported upstream to pq-crystals/dilithium #110)
wolfSSL — LMS wc_LmsKey_Sign insufficient buffer size and missing callback validation
wolfSSL — Negative ASN.1 integer overflow in CRL number field decoding
wolfSSL — RSA exponent stack buffer overflow in wolfSSL_EVP_PKEY_print_public
wolfSSL — DTLS fragment reassembly reads uninitialized heap contents
wolfSSL — DTLS 1.3 word16 truncation on handshake send size
wolfSSL — Missing hashLen sanity check in wc_dilithium_verify_ctx_hash

Patch Contributions

OpenSSL #30611 — Uninitialized QUIC connection IDs (CWE-457)
OpenSSL #30612 — Channel memory leak on initial secret failure (CWE-401), backported to 3.3–4.0

Standards Contributions

Reported κ counter width ambiguity in FIPS 204 (ML-DSA) to NIST pqc-comments (2026-03-31) — spec-compliant implementations independently reproduce nonce reuse due to unspecified integer width

"A Maturity Model for Crypto-Agility in Substation Automation Systems", ICAIIC 2026
"Signed-Only Execution for Third-Party Pre-Trained Models in AI Platforms", IEEE BigData 2025
"Evaluating Post-Quantum Cryptography for Resource-Constrained AMI Gateways", IEEE CNS 2025