JLSEC-2026-708

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-708.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-708.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-708
Upstream
Published
2026-07-14T21:41:35.775Z
Modified
2026-07-14T21:45:11.086345416Z
Summary
[none]
Details

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.

Database specific
{
    "sources": [
        {
            "id": "CVE-2026-3549",
            "database_specific": {
                "status": "Analyzed"
            },
            "imported": "2026-07-14T21:22:49.144Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-3549",
            "modified": "2026-06-17T10:43:46.210Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3549",
            "published": "2026-03-19T21:17:12.823Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / wolfSSL_jll

Package

Name
wolfSSL_jll
Purl
pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.2+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-708.json"