CVE-2026-3230

EPSS 0.07%
Veröffentlicht 19.03.2026 21:17:12
Zuletzt bearbeitet 26.03.2026 18:33:37
Quelle facts@wolfssl.com
CVE-Watchlists
Login
Unerledigt
Login

Improper key_share validation in TLS 1.3 HelloRetryRequest

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wolfssl ≫ Wolfssl Version < 5.9.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.213

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
facts@wolfssl.com	1.2	0	0	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:X/U:Clear

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/wolfSSL/wolfssl/pull/9754

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-3230

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-3230

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-3230

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-3230