Description
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.
Published: 2026-03-19
Score: 1.2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality compromise
Action: Patch immediately
AI Analysis

Impact

The vulnerability in wolfSSL arises from an improper validation of the key_share extension during the TLS 1.3 HelloRetryRequest handshake. The flaw, a classic input validation failure (CWE-20), allows an attacker to send a crafted HelloRetryRequest followed by a ServerHello that omits the required key_share. Because the client mistakenly derives predictable traffic secrets from the shared key, the confidentiality of all encrypted data in that TLS session is compromised, though the server’s authentication remains unaffected.

Affected Systems

This issue affects the wolfSSL library in all releases that implement the described TLS 1.3 handshake behavior before the patch. No specific version numbers are listed in the CNA data, but every build using the affected HelloRetryRequest logic is potentially vulnerable.

Risk and Exploitability

The CVSS score of 1.2 classifies the flaw as low severity, and the EPSS score of less than 1% indicates a low likelihood of exploitation. The vulnerability is not currently tracked in the CISA KEV catalog. Exploitation requires an attacker who can observe or influence a TLS handshake to inject the malformed sequence, making practical exploitation challenging. Nevertheless, the confidentiality loss warrants prompt remediation.

Generated by OpenCVE AI on March 26, 2026 at 20:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update wolfSSL to a version that includes the fix from PR 9754 and any associated security patches
  • Validate that the updated library correctly rejects ServerHello messages missing the key_share extension during TLS 1.3 handshakes
  • Monitor TLS handshake logs for unusual HelloRetryRequest or missing key_share patterns and configure alerts if detected
  • If a patch cannot be applied immediately, restrict the affected systems to trusted networks and consider disabling exposure to untrusted clients until remediation

Generated by OpenCVE AI on March 26, 2026 at 20:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

Fri, 20 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Wolfssl
Wolfssl wolfssl
Vendors & Products Wolfssl
Wolfssl wolfssl

Thu, 19 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Description Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.
Title Improper key_share validation in TLS 1.3 HelloRetryRequest
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 1.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear'}

Subscriptions

Wolfssl Wolfssl
cve-icon MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-03-20T17:09:01.453Z

Reserved: 2026-02-25T20:42:49.228Z

Link: CVE-2026-3230

cve-icon Vulnrichment

Updated: 2026-03-20T17:08:58.312Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T21:17:12.483

Modified: 2026-03-26T18:33:37.110

Link: CVE-2026-3230

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:21:38Z

Weaknesses