JLSEC-2026-691

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-691.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-691.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-691
Upstream
  • EUVD-2026-13131
  • GHSA-3cr6-hpf3-2hmg
Published
2026-07-14T21:41:35.775Z
Modified
2026-07-14T21:50:12.910329621Z
Severity
  • 2.2 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality...
Details

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAXSIGNEDATTRIBSSZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSLSMALLSTACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wcPKCS7_EncodeSignedData() or related signing functions.

Database specific
{
    "sources": [
        {
            "modified": "2026-06-17T10:11:26.320Z",
            "published": "2026-03-19T17:16:21.657Z",
            "imported": "2026-07-14T21:22:48.976Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0819",
            "id": "CVE-2026-0819",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-0819",
            "database_specific": {
                "status": "Analyzed"
            }
        },
        {
            "html_url": "https://github.com/advisories/GHSA-3cr6-hpf3-2hmg",
            "imported": "2026-07-14T21:23:02.404Z",
            "published": "2026-03-19T18:31:18Z",
            "id": "GHSA-3cr6-hpf3-2hmg",
            "modified": "2026-04-29T21:32:22Z",
            "url": "https://api.github.com/advisories/GHSA-3cr6-hpf3-2hmg"
        },
        {
            "modified": "2026-03-19T17:19:37Z",
            "imported": "2026-07-14T21:22:52.050Z",
            "published": "2026-03-19T16:54:33Z",
            "id": "EUVD-2026-13131",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-13131",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-13131"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / wolfSSL_jll

Package

Name
wolfSSL_jll
Purl
pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5

Affected ranges

Type
SEMVER
Events
Introduced
5.7.2+0
Fixed
5.9.2+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-691.json"