{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3230", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2026-02-25T20:42:49.228Z", "datePublished": "2026-03-19T20:59:54.021Z", "dateUpdated": "2026-03-19T20:59:54.021Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2026-03-19T20:59:54.021Z"}, "title": "Improper key_share validation in TLS 1.3 HelloRetryRequest", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation Improper Input Validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-220", "descriptions": [{"lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation"}]}], "affected": [{"vendor": "wolfSSL", "product": "wolfSSL", "collectionURL": "https://github.com/wolfSSL/wolfssl", "packageName": "wolfSSL", "repo": "https://github.com/wolfSSL/wolfssl", "modules": ["wolfSSL"], "programFiles": ["tls.c", "tls13.c"], "versions": [{"status": "affected", "version": "0", "lessThan": "5.9.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does <b>not </b>affect the client's authentication of the server during TLS handshakes.</p>"}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl/pull/9754"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "AUTOMATIC", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "CLEAR", "version": "4.0", "baseSeverity": "LOW", "baseScore": 1.2, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear"}}], "credits": [{"lang": "en", "value": "Jaehun Lee, Pohang University of Science and Technology (POSTECH)", "type": "finder"}, {"lang": "en", "value": "Kyungmin Bae, Pohang University of Science and Technology (POSTECH)", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes."}], "id": "CVE-2026-3230", "lastModified": "2026-03-19T21:17:12.483", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.2, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "CLEAR", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:X/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2026-03-19T21:17:12.483", "references": [{"source": "facts@wolfssl.com", "url": "https://github.com/wolfSSL/wolfssl/pull/9754"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.9.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "wolfSSL", "source": "cna", "vendor": "wolfSSL"}, "product": "wolfssl", "vendor": "wolfssl"}], "analysis": {"en": {"generated_at": "2026-03-19T22:25:41.912136+00:00", "value": {"mitigation_remediation": ["Upgrade to a wolfSSL release that incorporates the fix referenced in GitHub pull request\u202f9754 or the corresponding upstream commit. Verify that TLS\u202f1.3 HelloRetryRequest processing now requires validation of the key_share extension before deriving traffic secrets."], "summary": {"action": "Immediate Patch", "impact": "Confidentiality Compromise (TLS)"}, "threat_synthesis": {"affected_systems": "The affected product is wolfSSL. No specific version ranges are listed in the CNA data, but the issue is present in any build of wolfSSL that incorporates the vulnerable HelloRetryRequest handling code before the fix referenced in the pull\u2011request. Users should inspect their installed wolfSSL version against the upstream changelog or the pull request for confirmation.", "description_and_impact": "The vulnerability arises from an omission of a required cryptographic step in the TLS\u202f1.3 client\u2019s processing of a HelloRetryRequest. A crafted HelloRetryRequest followed by a ServerHello that omits the key_share extension allows the client to derive predictable traffic secrets from the (EC)DH shared secret, thereby compromising the confidentiality of TLS\u2011protected communications. The flaw is a classic input\u2011validation error (CWE\u201120) and does not affect the client\u2019s authentication of the server.", "risk_and_exploitability": "The CVSS score is 1.2, indicating low severity, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker to act as a TLS server capable of sending a custom HelloRetryRequest; thus the attack vector is network\u2011based and relies on the client\u2019s willingness to accept the TLS handshake. Because the flaw does not affect server authentication, it is unlikely to be a high\u2011priority exploit vector in most deployments."}}}}, "created": "2026-03-20T08:56:04.699926+00:00", "updated": "2026-03-20T11:06:14.412774+00:00", "vendors": ["wolfssl", "wolfssl$PRODUCT$wolfssl"]}