Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:conan/wolfssl@5.4.0
Typeconan
Namespace
Namewolfssl
Version5.4.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.6.3
Latest_non_vulnerable_version5.6.3
Affected_by_vulnerabilities
0
url VCID-6n4g-us9a-53g4
vulnerability_id VCID-6n4g-us9a-53g4
summary An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38152
reference_id
reference_type
scores
0
value 0.02711
scoring_system epss
scoring_elements 0.85849
published_at 2026-04-02T12:55:00Z
1
value 0.02711
scoring_system epss
scoring_elements 0.85867
published_at 2026-04-04T12:55:00Z
2
value 0.02711
scoring_system epss
scoring_elements 0.85871
published_at 2026-04-07T12:55:00Z
3
value 0.02711
scoring_system epss
scoring_elements 0.85889
published_at 2026-04-08T12:55:00Z
4
value 0.02711
scoring_system epss
scoring_elements 0.85899
published_at 2026-04-09T12:55:00Z
5
value 0.02711
scoring_system epss
scoring_elements 0.85914
published_at 2026-04-11T12:55:00Z
6
value 0.02711
scoring_system epss
scoring_elements 0.85911
published_at 2026-04-12T12:55:00Z
7
value 0.02711
scoring_system epss
scoring_elements 0.85906
published_at 2026-04-13T12:55:00Z
8
value 0.02711
scoring_system epss
scoring_elements 0.85924
published_at 2026-04-16T12:55:00Z
9
value 0.02711
scoring_system epss
scoring_elements 0.85928
published_at 2026-04-18T12:55:00Z
10
value 0.02711
scoring_system epss
scoring_elements 0.85919
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38152
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38152
2
reference_url https://github.com/tlspuffin/tlspuffin
reference_id
reference_type
scores
url https://github.com/tlspuffin/tlspuffin
3
reference_url https://github.com/wolfSSL/wolfssl/pull/5468
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/pull/5468
4
reference_url https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/releases
5
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
url https://www.wolfssl.com/docs/security-vulnerabilities/
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
reference_id 1021021
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38152
reference_id CVE-2022-38152
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-38152
fixed_packages
0
url pkg:conan/wolfssl@5.5.1
purl pkg:conan/wolfssl@5.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hguq-mr6k-jqd3
1
vulnerability VCID-ubye-e3yx-pfbb
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.5.1
aliases CVE-2022-38152
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6n4g-us9a-53g4
1
url VCID-hguq-mr6k-jqd3
vulnerability_id VCID-hguq-mr6k-jqd3
summary 
Improper Certificate Validation
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3724
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.29064
published_at 2026-04-02T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.29115
published_at 2026-04-04T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.28927
published_at 2026-04-07T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.28992
published_at 2026-04-08T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.29035
published_at 2026-04-09T12:55:00Z
5
value 0.00134
scoring_system epss
scoring_elements 0.33087
published_at 2026-04-13T12:55:00Z
6
value 0.00134
scoring_system epss
scoring_elements 0.33128
published_at 2026-04-16T12:55:00Z
7
value 0.00134
scoring_system epss
scoring_elements 0.33105
published_at 2026-04-18T12:55:00Z
8
value 0.00134
scoring_system epss
scoring_elements 0.33066
published_at 2026-04-21T12:55:00Z
9
value 0.00134
scoring_system epss
scoring_elements 0.33149
published_at 2026-04-11T12:55:00Z
10
value 0.00134
scoring_system epss
scoring_elements 0.3311
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3724
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3724
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3724
2
reference_url https://github.com/wolfSSL/wolfssl/pull/6412
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-29T15:53:34Z/
url https://github.com/wolfSSL/wolfssl/pull/6412
3
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-29T15:53:34Z/
url https://www.wolfssl.com/docs/security-vulnerabilities/
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041699
reference_id 1041699
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041699
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3724
reference_id CVE-2023-3724
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3724
fixed_packages
0
url pkg:conan/wolfssl@5.6.3
purl pkg:conan/wolfssl@5.6.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.6.3
aliases CVE-2023-3724
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hguq-mr6k-jqd3
2
url VCID-kksg-tc63-23bm
vulnerability_id VCID-kksg-tc63-23bm
summary In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39173
reference_id
reference_type
scores
0
value 0.01374
scoring_system epss
scoring_elements 0.80194
published_at 2026-04-02T12:55:00Z
1
value 0.01374
scoring_system epss
scoring_elements 0.80232
published_at 2026-04-08T12:55:00Z
2
value 0.01374
scoring_system epss
scoring_elements 0.80242
published_at 2026-04-09T12:55:00Z
3
value 0.01374
scoring_system epss
scoring_elements 0.8026
published_at 2026-04-11T12:55:00Z
4
value 0.01374
scoring_system epss
scoring_elements 0.80245
published_at 2026-04-12T12:55:00Z
5
value 0.01374
scoring_system epss
scoring_elements 0.80239
published_at 2026-04-13T12:55:00Z
6
value 0.01374
scoring_system epss
scoring_elements 0.80269
published_at 2026-04-16T12:55:00Z
7
value 0.01374
scoring_system epss
scoring_elements 0.80271
published_at 2026-04-18T12:55:00Z
8
value 0.01374
scoring_system epss
scoring_elements 0.80274
published_at 2026-04-21T12:55:00Z
9
value 0.01374
scoring_system epss
scoring_elements 0.80214
published_at 2026-04-04T12:55:00Z
10
value 0.01374
scoring_system epss
scoring_elements 0.80203
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39173
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39173
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39173
2
reference_url https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/
url https://github.com/wolfSSL/wolfssl/releases
3
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/
url https://www.wolfssl.com/docs/security-vulnerabilities/
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
reference_id 1021021
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
5
reference_url http://seclists.org/fulldisclosure/2022/Oct/24
reference_id 24
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/
url http://seclists.org/fulldisclosure/2022/Oct/24
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39173
reference_id CVE-2022-39173
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-39173
7
reference_url http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html
reference_id wolfSSL-Buffer-Overflow.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/
url http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html
8
reference_url https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
reference_id wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/
url https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
fixed_packages
0
url pkg:conan/wolfssl@5.5.1
purl pkg:conan/wolfssl@5.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hguq-mr6k-jqd3
1
vulnerability VCID-ubye-e3yx-pfbb
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.5.1
aliases CVE-2022-39173
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kksg-tc63-23bm
3
url VCID-ubye-e3yx-pfbb
vulnerability_id VCID-ubye-e3yx-pfbb
summary In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42905
reference_id
reference_type
scores
0
value 0.06142
scoring_system epss
scoring_elements 0.90836
published_at 2026-04-21T12:55:00Z
1
value 0.06142
scoring_system epss
scoring_elements 0.90784
published_at 2026-04-04T12:55:00Z
2
value 0.06142
scoring_system epss
scoring_elements 0.90794
published_at 2026-04-07T12:55:00Z
3
value 0.06142
scoring_system epss
scoring_elements 0.90805
published_at 2026-04-08T12:55:00Z
4
value 0.06142
scoring_system epss
scoring_elements 0.90812
published_at 2026-04-09T12:55:00Z
5
value 0.06142
scoring_system epss
scoring_elements 0.9082
published_at 2026-04-12T12:55:00Z
6
value 0.06142
scoring_system epss
scoring_elements 0.90819
published_at 2026-04-13T12:55:00Z
7
value 0.06142
scoring_system epss
scoring_elements 0.90838
published_at 2026-04-16T12:55:00Z
8
value 0.06142
scoring_system epss
scoring_elements 0.90773
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42905
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42905
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42905
2
reference_url https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://github.com/wolfSSL/wolfssl/releases
3
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://www.wolfssl.com/docs/security-vulnerabilities/
4
reference_url http://seclists.org/fulldisclosure/2023/Jan/11
reference_id 11
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url http://seclists.org/fulldisclosure/2023/Jan/11
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42905
reference_id CVE-2022-42905
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42905
6
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
reference_id v5.5.2-stable
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
7
reference_url https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
reference_id wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
8
reference_url http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
reference_id wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
fixed_packages
0
url pkg:conan/wolfssl@5.6.3
purl pkg:conan/wolfssl@5.6.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.6.3
aliases CVE-2022-42905
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ubye-e3yx-pfbb
4
url VCID-x4tg-m9be-2yfe
vulnerability_id VCID-x4tg-m9be-2yfe
summary An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42961
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50516
published_at 2026-04-02T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50543
published_at 2026-04-04T12:55:00Z
2
value 0.00271
scoring_system epss
scoring_elements 0.50498
published_at 2026-04-07T12:55:00Z
3
value 0.00271
scoring_system epss
scoring_elements 0.50553
published_at 2026-04-08T12:55:00Z
4
value 0.00271
scoring_system epss
scoring_elements 0.5055
published_at 2026-04-09T12:55:00Z
5
value 0.00285
scoring_system epss
scoring_elements 0.52084
published_at 2026-04-18T12:55:00Z
6
value 0.00285
scoring_system epss
scoring_elements 0.52065
published_at 2026-04-21T12:55:00Z
7
value 0.00285
scoring_system epss
scoring_elements 0.52072
published_at 2026-04-11T12:55:00Z
8
value 0.00285
scoring_system epss
scoring_elements 0.52055
published_at 2026-04-12T12:55:00Z
9
value 0.00285
scoring_system epss
scoring_elements 0.52038
published_at 2026-04-13T12:55:00Z
10
value 0.00285
scoring_system epss
scoring_elements 0.52078
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42961
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42961
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42961
2
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:43:21Z/
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023574
reference_id 1023574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023574
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42961
reference_id CVE-2022-42961
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42961
fixed_packages
0
url pkg:conan/wolfssl@5.5.0
purl pkg:conan/wolfssl@5.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.5.0
1
url pkg:conan/wolfssl@5.5.1
purl pkg:conan/wolfssl@5.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hguq-mr6k-jqd3
1
vulnerability VCID-ubye-e3yx-pfbb
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.5.1
aliases CVE-2022-42961
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4tg-m9be-2yfe
Fixing_vulnerabilities
0
url VCID-cum2-vp1j-syfc
vulnerability_id VCID-cum2-vp1j-syfc
summary wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34293
reference_id
reference_type
scores
0
value 0.00962
scoring_system epss
scoring_elements 0.76437
published_at 2026-04-02T12:55:00Z
1
value 0.00962
scoring_system epss
scoring_elements 0.76466
published_at 2026-04-04T12:55:00Z
2
value 0.00962
scoring_system epss
scoring_elements 0.76448
published_at 2026-04-07T12:55:00Z
3
value 0.00962
scoring_system epss
scoring_elements 0.7648
published_at 2026-04-08T12:55:00Z
4
value 0.00962
scoring_system epss
scoring_elements 0.76494
published_at 2026-04-09T12:55:00Z
5
value 0.00962
scoring_system epss
scoring_elements 0.7652
published_at 2026-04-11T12:55:00Z
6
value 0.00962
scoring_system epss
scoring_elements 0.76499
published_at 2026-04-12T12:55:00Z
7
value 0.00962
scoring_system epss
scoring_elements 0.76493
published_at 2026-04-13T12:55:00Z
8
value 0.00962
scoring_system epss
scoring_elements 0.76533
published_at 2026-04-16T12:55:00Z
9
value 0.00962
scoring_system epss
scoring_elements 0.76537
published_at 2026-04-18T12:55:00Z
10
value 0.00962
scoring_system epss
scoring_elements 0.76526
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34293
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34293
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34293
2
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
3
reference_url http://www.openwall.com/lists/oss-security/2022/08/08/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2022/08/08/6
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016981
reference_id 1016981
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016981
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34293
reference_id CVE-2022-34293
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-34293
fixed_packages
0
url pkg:conan/wolfssl@5.4.0
purl pkg:conan/wolfssl@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6n4g-us9a-53g4
1
vulnerability VCID-hguq-mr6k-jqd3
2
vulnerability VCID-kksg-tc63-23bm
3
vulnerability VCID-ubye-e3yx-pfbb
4
vulnerability VCID-x4tg-m9be-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.4.0
aliases CVE-2022-34293
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cum2-vp1j-syfc
1
url VCID-k32r-azxg-9yh3
vulnerability_id VCID-k32r-azxg-9yh3
summary An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38153
reference_id
reference_type
scores
0
value 0.00568
scoring_system epss
scoring_elements 0.68481
published_at 2026-04-02T12:55:00Z
1
value 0.00568
scoring_system epss
scoring_elements 0.685
published_at 2026-04-04T12:55:00Z
2
value 0.00568
scoring_system epss
scoring_elements 0.68477
published_at 2026-04-07T12:55:00Z
3
value 0.00568
scoring_system epss
scoring_elements 0.68527
published_at 2026-04-13T12:55:00Z
4
value 0.00568
scoring_system epss
scoring_elements 0.68544
published_at 2026-04-09T12:55:00Z
5
value 0.00568
scoring_system epss
scoring_elements 0.68571
published_at 2026-04-11T12:55:00Z
6
value 0.00568
scoring_system epss
scoring_elements 0.68558
published_at 2026-04-21T12:55:00Z
7
value 0.00568
scoring_system epss
scoring_elements 0.68567
published_at 2026-04-16T12:55:00Z
8
value 0.00568
scoring_system epss
scoring_elements 0.6858
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38153
1
reference_url https://github.com/trailofbits/tlspuffin
reference_id
reference_type
scores
url https://github.com/trailofbits/tlspuffin
2
reference_url https://github.com/wolfSSL/wolfssl/pull/5476
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/pull/5476
3
reference_url https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/releases
4
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
url https://www.wolfssl.com/docs/security-vulnerabilities/
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
reference_id 1021021
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38153
reference_id CVE-2022-38153
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-38153
fixed_packages
0
url pkg:conan/wolfssl@5.4.0
purl pkg:conan/wolfssl@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6n4g-us9a-53g4
1
vulnerability VCID-hguq-mr6k-jqd3
2
vulnerability VCID-kksg-tc63-23bm
3
vulnerability VCID-ubye-e3yx-pfbb
4
vulnerability VCID-x4tg-m9be-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.4.0
aliases CVE-2022-38153
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k32r-azxg-9yh3
Risk_score4.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.4.0