JLSEC-2026-707

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-707.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-707.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-707
Upstream
  • EUVD-2026-13150
  • GHSA-86fv-q5vx-mw5m
Published
2026-07-14T21:41:35.775Z
Modified
2026-07-14T21:50:10.112279950Z
Severity
  • 7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a...
Details

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.

Database specific
{
    "sources": [
        {
            "id": "CVE-2026-3548",
            "database_specific": {
                "status": "Analyzed"
            },
            "imported": "2026-07-14T21:22:49.054Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-3548",
            "modified": "2026-06-17T10:43:46.083Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3548",
            "published": "2026-03-19T18:16:22.953Z"
        },
        {
            "id": "GHSA-86fv-q5vx-mw5m",
            "imported": "2026-07-14T21:23:05.593Z",
            "url": "https://api.github.com/advisories/GHSA-86fv-q5vx-mw5m",
            "modified": "2026-04-29T21:32:22Z",
            "html_url": "https://github.com/advisories/GHSA-86fv-q5vx-mw5m",
            "published": "2026-03-19T18:31:19Z"
        },
        {
            "id": "EUVD-2026-13150",
            "imported": "2026-07-14T21:22:51.976Z",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-13150",
            "modified": "2026-03-19T18:00:53Z",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-13150",
            "published": "2026-03-19T17:45:16Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / wolfSSL_jll

Package

Name
wolfSSL_jll
Purl
pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.2+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-707.json"