{"id":"JLSEC-2026-673","details":"In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.","modified":"2026-07-16T17:31:33.068485749Z","published":"2026-07-14T21:41:35.775Z","upstream":["CVE-2022-39173"],"database_specific":{"sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-39173","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39173","database_specific":{"status":"Modified"},"id":"CVE-2022-39173","imported":"2026-07-14T21:22:48.570Z","modified":"2026-06-17T04:57:51.080Z","published":"2022-09-29T01:15:11.373Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Oct/24"},{"type":"WEB","url":"https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/"},{"type":"WEB","url":"https://github.com/wolfSSL/wolfssl/releases"},{"type":"WEB","url":"https://www.wolfssl.com/docs/security-vulnerabilities/"}],"affected":[{"package":{"name":"wolfSSL_jll","ecosystem":"Julia","purl":"pkg:julia/wolfSSL_jll?uuid=98c43586-9870-5ae5-ab22-acc77b9bbdb5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"5.7.2+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-673.json"}}],"schema_version":"1.7.5"}