new file mode 100644
@@ -0,0 +1,65 @@
+From 4d7eccf50dab080185d3a8763491e3febbcc257a Mon Sep 17 00:00:00 2001
+From: Eric Blankenhorn <eric@wolfssl.com>
+Date: Tue, 31 Mar 2026 08:56:23 -0500
+Subject: [PATCH] Fix CertFromX509 copy length check
+
+(cherry picked from commit 772cda3d489d867935202d59393a2ac85a5e6ef0)
+
+CVE: CVE-2026-5447
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/772cda3d489d867935202d59393a2ac85a5e6ef0]
+
+Dropped unit test changes during the backport.
+
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/x509.c | 33 ++++++++++++++++++---------------
+ 1 file changed, 18 insertions(+), 15 deletions(-)
+
+diff --git a/src/x509.c b/src/x509.c
+index 62e3774f4..cf44c7146 100644
+--- a/src/x509.c
++++ b/src/x509.c
+@@ -10622,25 +10622,28 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
+ return WOLFSSL_FAILURE;
+ }
+
+- if (x509->authKeyIdSz < sizeof(cert->akid)) {
+ #ifdef WOLFSSL_AKID_NAME
+- cert->rawAkid = 0;
+- if (x509->authKeyIdSrc) {
+- XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
+- cert->akidSz = (int)x509->authKeyIdSrcSz;
+- cert->rawAkid = 1;
++ cert->rawAkid = 0;
++ if (x509->authKeyIdSrc) {
++ if (x509->authKeyIdSrcSz > sizeof(cert->akid)) {
++ WOLFSSL_MSG("Auth Key ID too large");
++ WOLFSSL_ERROR_VERBOSE(BUFFER_E);
++ return WOLFSSL_FAILURE;
+ }
+- else
++ XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
++ cert->akidSz = (int)x509->authKeyIdSrcSz;
++ cert->rawAkid = 1;
++ }
++ else
+ #endif
+- if (x509->authKeyId) {
+- XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
+- cert->akidSz = (int)x509->authKeyIdSz;
++ if (x509->authKeyId) {
++ if (x509->authKeyIdSz > sizeof(cert->akid)) {
++ WOLFSSL_MSG("Auth Key ID too large");
++ WOLFSSL_ERROR_VERBOSE(BUFFER_E);
++ return WOLFSSL_FAILURE;
+ }
+- }
+- else {
+- WOLFSSL_MSG("Auth Key ID too large");
+- WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+- return WOLFSSL_FAILURE;
++ XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
++ cert->akidSz = (int)x509->authKeyIdSz;
+ }
+
+ for (i = 0; i < x509->certPoliciesNb; i++) {
@@ -33,6 +33,7 @@ SRC_URI = " \
file://CVE-2026-5392.patch \
file://CVE-2026-5446-1.patch \
file://CVE-2026-5446-2.patch \
+ file://CVE-2026-5447.patch \
"
SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"