JLSEC-2026-704

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-704.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-704.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-704
Upstream
  • EUVD-2026-13209
  • GHSA-g3xr-5f55-cf5g
Published
2026-07-14T21:41:35.775Z
Modified
2026-07-14T21:50:10.188625365Z
Severity
  • 1.2 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear CVSS Calculator
Summary
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in...
Details

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.

Database specific
{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3230",
            "modified": "2026-06-17T10:43:15.530Z",
            "published": "2026-03-19T21:17:12.483Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-3230",
            "imported": "2026-07-14T21:22:49.122Z",
            "id": "CVE-2026-3230",
            "database_specific": {
                "status": "Analyzed"
            }
        },
        {
            "url": "https://api.github.com/advisories/GHSA-g3xr-5f55-cf5g",
            "published": "2026-03-19T21:30:25Z",
            "html_url": "https://github.com/advisories/GHSA-g3xr-5f55-cf5g",
            "imported": "2026-07-14T21:23:08.160Z",
            "id": "GHSA-g3xr-5f55-cf5g",
            "modified": "2026-03-26T21:31:20Z"
        },
        {
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-13209",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-13209",
            "published": "2026-03-19T20:59:54Z",
            "imported": "2026-07-14T21:22:51.918Z",
            "id": "EUVD-2026-13209",
            "modified": "2026-03-20T17:09:01Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / wolfSSL_jll

Package

Name
wolfSSL_jll
Purl
pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.2+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-704.json"