JLSEC-2026-732

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-732.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-732.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-732
Upstream
  • EUVD-2026-21235
  • GHSA-qvjw-73xm-jw34
Published
2026-07-14T21:41:35.775Z
Modified
2026-07-18T00:02:21.553840197Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover...
Details

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.

Database specific
{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-5504",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5504",
            "id": "CVE-2026-5504",
            "modified": "2026-06-17T10:59:08.143Z",
            "imported": "2026-07-17T22:32:42.280Z",
            "published": "2026-04-09T23:17:01.400Z",
            "database_specific": {
                "status": "Analyzed"
            }
        },
        {
            "url": "https://api.github.com/advisories/GHSA-qvjw-73xm-jw34",
            "published": "2026-04-10T00:30:31Z",
            "html_url": "https://github.com/advisories/GHSA-qvjw-73xm-jw34",
            "imported": "2026-07-17T22:32:42.442Z",
            "id": "GHSA-qvjw-73xm-jw34",
            "modified": "2026-04-29T15:30:35Z"
        },
        {
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-21235",
            "published": "2026-04-09T22:33:42Z",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-21235",
            "imported": "2026-07-17T22:32:52.330Z",
            "id": "EUVD-2026-21235",
            "modified": "2026-04-14T14:34:40Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / wolfSSL_jll

Package

Name
wolfSSL_jll
Purl
pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.2+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-732.json"