JLSEC-2026-703

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-703.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-703.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-703
Upstream
Published
2026-07-14T21:41:35.775Z
Modified
2026-07-14T21:45:07.523658823Z
Summary
[none]
Details

An integer overflow vulnerability existed in the static function wolfssladdtochain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssladdtochain is called by these API: wolfSSLCTXaddextrachaincert, wolfSSLCTXadd1chaincert, wolfSSLadd0chaincert. These API are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-haproxy. This issue is not remotely exploitable, and would require that the application context loading certificates is compromised.

Database specific
{
    "sources": [
        {
            "id": "CVE-2026-3229",
            "database_specific": {
                "status": "Analyzed"
            },
            "imported": "2026-07-14T21:22:49.110Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-3229",
            "modified": "2026-06-17T10:43:15.413Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3229",
            "published": "2026-03-19T21:17:12.330Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / wolfSSL_jll

Package

Name
wolfSSL_jll
Purl
pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.2+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-703.json"