Description
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.
INFO
Published Date :
2026-03-19T20:59:54.021Z
Last Modified :
2026-03-20T17:09:01.453Z
Source :
wolfSSL
AFFECTED PRODUCTS
The following products are affected by CVE-2026-3230 vulnerability.
| Vendors | Products |
|---|---|
| Wolfssl |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-3230.
| URL | Resource |
|---|---|
| https://github.com/wolfSSL/wolfssl/pull/9754 |
|
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability