JLSEC-2026-701

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-701.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-701.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-701
Upstream
  • EUVD-2026-13135
Published
2026-07-14T21:41:35.775Z
Modified
2026-07-14T21:45:04.816494326Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
[none]
Details

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.

Database specific
{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-2645",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2645",
            "id": "CVE-2026-2645",
            "imported": "2026-07-14T21:22:48.998Z",
            "modified": "2026-06-17T10:31:27.377Z",
            "published": "2026-03-19T18:16:22.043Z",
            "database_specific": {
                "status": "Analyzed"
            }
        },
        {
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-13135",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-13135",
            "modified": "2026-03-19T17:45:54Z",
            "imported": "2026-07-14T21:22:51.995Z",
            "published": "2026-03-19T17:10:22Z",
            "id": "EUVD-2026-13135"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / wolfSSL_jll

Package

Name
wolfSSL_jll
Purl
pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.4+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-701.json"