JLSEC-2026-715

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-715.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-715.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-715
Upstream
  • EUVD-2026-21290
  • GHSA-9qgc-pcpx-g38q
Published
2026-07-14T21:41:35.775Z
Modified
2026-07-18T00:01:03.807347252Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
  • 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN)...
Details

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.

Database specific
{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-5188",
            "published": "2026-04-10T04:17:15.700Z",
            "modified": "2026-06-17T10:58:34.467Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5188",
            "imported": "2026-07-17T22:29:38.957Z",
            "id": "CVE-2026-5188",
            "database_specific": {
                "status": "Analyzed"
            }
        },
        {
            "url": "https://api.github.com/advisories/GHSA-9qgc-pcpx-g38q",
            "html_url": "https://github.com/advisories/GHSA-9qgc-pcpx-g38q",
            "modified": "2026-04-29T15:30:36Z",
            "imported": "2026-07-17T22:29:39.164Z",
            "published": "2026-04-10T06:31:37Z",
            "id": "GHSA-9qgc-pcpx-g38q"
        },
        {
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-21290",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-21290",
            "id": "EUVD-2026-21290",
            "imported": "2026-07-17T22:29:49.030Z",
            "published": "2026-04-10T03:24:21Z",
            "modified": "2026-04-10T13:41:51Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / wolfSSL_jll

Package

Name
wolfSSL_jll
Purl
pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.2+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-715.json"