[Git][security-tracker-team/security-tracker][master] Add initial tracking for some new wolfssl issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 20 08:32:28 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae96ad9e by Salvatore Bonaccorso at 2026-03-20T09:31:08+01:00
Add initial tracking for some new wolfssl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,11 +43,16 @@ CVE-2026-4038 (The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary F
 CVE-2026-3948
 	REJECTED
 CVE-2026-3849 (Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Confi ...)
-	TODO: check
+	- wolfssl <unfixed>
+	NOTE: https://github.com/wolfSSL/wolfssl/pull/9737
 CVE-2026-3549 (Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in  ...)
-	TODO: check
+	- wolfssl <unfixed>
+	NOTE: https://github.com/wolfSSL/wolfssl/pull/9817
 CVE-2026-3547 (Out-of-bounds read in ALPN parsing due to incomplete validation. wolfS ...)
-	TODO: check
+	- wolfssl <unfixed>
+	NOTE: https://github.com/wolfSSL/wolfssl/pull/9859
+	NOTE: https://github.com/wolfSSL/wolfssl/pull/9860
+	NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/9d3cc6e30c778b124002cc45b7974d718b6649fd (v5.9.0-stable)
 CVE-2026-3230 (Missing required cryptographic step in the TLS 1.3 client HelloRetryRe ...)
 	TODO: check
 CVE-2026-3229 (An integer overflow vulnerability existed in the static function wolfs ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae96ad9e03d0555305fc61ed7777095e4f181aa3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae96ad9e03d0555305fc61ed7777095e4f181aa3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260320/3040d7ee/attachment.htm>

More information about the debian-security-tracker-commits mailing list