Lookup for vulnerable packages by Package URL.

Purl pkg:conan/wolfssl@4.8.1
Type conan
Namespace
Name wolfssl
Version 4.8.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.6.3
Latest_non_vulnerable_version 5.6.3
Affected_by_vulnerabilities
0
url VCID-3774-6bd4-8qcs
vulnerability_id VCID-3774-6bd4-8qcs
summary wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44718
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42779
published_at 2026-04-01T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.42849
published_at 2026-04-13T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.42877
published_at 2026-04-04T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.42816
published_at 2026-04-07T12:55:00Z
4
value 0.00206
scoring_system epss
scoring_elements 0.42867
published_at 2026-04-08T12:55:00Z
5
value 0.00206
scoring_system epss
scoring_elements 0.4288
published_at 2026-04-09T12:55:00Z
6
value 0.00206
scoring_system epss
scoring_elements 0.42901
published_at 2026-04-11T12:55:00Z
7
value 0.00206
scoring_system epss
scoring_elements 0.42866
published_at 2026-04-12T12:55:00Z
8
value 0.00206
scoring_system epss
scoring_elements 0.4291
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44718
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44718
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44718
2
reference_url https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/releases
3
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
url https://www.wolfssl.com/docs/security-vulnerabilities/
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44718
reference_id CVE-2021-44718
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-44718
fixed_packages
0
url pkg:conan/wolfssl@5.1.1
purl pkg:conan/wolfssl@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6n4g-us9a-53g4
1
vulnerability VCID-av4q-73pk-tucd
2
vulnerability VCID-cum2-vp1j-syfc
3
vulnerability VCID-hguq-mr6k-jqd3
4
vulnerability VCID-kksg-tc63-23bm
5
vulnerability VCID-mtcu-yhz9-c7b8
6
vulnerability VCID-ubye-e3yx-pfbb
7
vulnerability VCID-x4tg-m9be-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.1.1
aliases CVE-2021-44718
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3774-6bd4-8qcs
1
url VCID-6n4g-us9a-53g4
vulnerability_id VCID-6n4g-us9a-53g4
summary An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38152
reference_id
reference_type
scores
0
value 0.02711
scoring_system epss
scoring_elements 0.85849
published_at 2026-04-02T12:55:00Z
1
value 0.02711
scoring_system epss
scoring_elements 0.85867
published_at 2026-04-04T12:55:00Z
2
value 0.02711
scoring_system epss
scoring_elements 0.85871
published_at 2026-04-07T12:55:00Z
3
value 0.02711
scoring_system epss
scoring_elements 0.85889
published_at 2026-04-08T12:55:00Z
4
value 0.02711
scoring_system epss
scoring_elements 0.85899
published_at 2026-04-09T12:55:00Z
5
value 0.02711
scoring_system epss
scoring_elements 0.85914
published_at 2026-04-11T12:55:00Z
6
value 0.02711
scoring_system epss
scoring_elements 0.85911
published_at 2026-04-12T12:55:00Z
7
value 0.02711
scoring_system epss
scoring_elements 0.85906
published_at 2026-04-13T12:55:00Z
8
value 0.02711
scoring_system epss
scoring_elements 0.85924
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38152
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38152
2
reference_url https://github.com/tlspuffin/tlspuffin
reference_id
reference_type
scores
url https://github.com/tlspuffin/tlspuffin
3
reference_url https://github.com/wolfSSL/wolfssl/pull/5468
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/pull/5468
4
reference_url https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/releases
5
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
url https://www.wolfssl.com/docs/security-vulnerabilities/
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
reference_id 1021021
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38152
reference_id CVE-2022-38152
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-38152
fixed_packages
0
url pkg:conan/wolfssl@5.5.1
purl pkg:conan/wolfssl@5.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hguq-mr6k-jqd3
1
vulnerability VCID-ubye-e3yx-pfbb
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.5.1
aliases CVE-2022-38152
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6n4g-us9a-53g4
2
url VCID-av4q-73pk-tucd
vulnerability_id VCID-av4q-73pk-tucd
summary
Improper Authentication
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the `certificate_verify` message from the handshake, and never present a certificate.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25640
reference_id
reference_type
scores
0
value 0.05102
scoring_system epss
scoring_elements 0.89792
published_at 2026-04-02T12:55:00Z
1
value 0.05102
scoring_system epss
scoring_elements 0.89807
published_at 2026-04-04T12:55:00Z
2
value 0.05102
scoring_system epss
scoring_elements 0.8981
published_at 2026-04-07T12:55:00Z
3
value 0.05102
scoring_system epss
scoring_elements 0.89827
published_at 2026-04-08T12:55:00Z
4
value 0.05102
scoring_system epss
scoring_elements 0.89833
published_at 2026-04-09T12:55:00Z
5
value 0.05102
scoring_system epss
scoring_elements 0.8984
published_at 2026-04-11T12:55:00Z
6
value 0.05102
scoring_system epss
scoring_elements 0.89838
published_at 2026-04-12T12:55:00Z
7
value 0.05102
scoring_system epss
scoring_elements 0.89831
published_at 2026-04-13T12:55:00Z
8
value 0.05102
scoring_system epss
scoring_elements 0.89845
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25640
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25640
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25640
2
reference_url https://github.com/wolfSSL/wolfssl/pull/4831
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/pull/4831
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25640
reference_id CVE-2022-25640
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25640
fixed_packages
0
url pkg:conan/wolfssl@5.2.0
purl pkg:conan/wolfssl@5.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6n4g-us9a-53g4
1
vulnerability VCID-cum2-vp1j-syfc
2
vulnerability VCID-hguq-mr6k-jqd3
3
vulnerability VCID-kksg-tc63-23bm
4
vulnerability VCID-ubye-e3yx-pfbb
5
vulnerability VCID-x4tg-m9be-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.2.0
aliases CVE-2022-25640
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-av4q-73pk-tucd
3
url VCID-cum2-vp1j-syfc
vulnerability_id VCID-cum2-vp1j-syfc
summary wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34293
reference_id
reference_type
scores
0
value 0.00962
scoring_system epss
scoring_elements 0.76437
published_at 2026-04-02T12:55:00Z
1
value 0.00962
scoring_system epss
scoring_elements 0.76466
published_at 2026-04-04T12:55:00Z
2
value 0.00962
scoring_system epss
scoring_elements 0.76448
published_at 2026-04-07T12:55:00Z
3
value 0.00962
scoring_system epss
scoring_elements 0.7648
published_at 2026-04-08T12:55:00Z
4
value 0.00962
scoring_system epss
scoring_elements 0.76494
published_at 2026-04-09T12:55:00Z
5
value 0.00962
scoring_system epss
scoring_elements 0.7652
published_at 2026-04-11T12:55:00Z
6
value 0.00962
scoring_system epss
scoring_elements 0.76499
published_at 2026-04-12T12:55:00Z
7
value 0.00962
scoring_system epss
scoring_elements 0.76493
published_at 2026-04-13T12:55:00Z
8
value 0.00962
scoring_system epss
scoring_elements 0.76533
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34293
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34293
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34293
2
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
3
reference_url http://www.openwall.com/lists/oss-security/2022/08/08/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2022/08/08/6
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016981
reference_id 1016981
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016981
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34293
reference_id CVE-2022-34293
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-34293
fixed_packages
0
url pkg:conan/wolfssl@5.4.0
purl pkg:conan/wolfssl@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6n4g-us9a-53g4
1
vulnerability VCID-hguq-mr6k-jqd3
2
vulnerability VCID-kksg-tc63-23bm
3
vulnerability VCID-ubye-e3yx-pfbb
4
vulnerability VCID-x4tg-m9be-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.4.0
aliases CVE-2022-34293
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cum2-vp1j-syfc
4
url VCID-hguq-mr6k-jqd3
vulnerability_id VCID-hguq-mr6k-jqd3
summary
Improper Certificate Validation
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3724
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.29064
published_at 2026-04-02T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.29115
published_at 2026-04-04T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.28927
published_at 2026-04-07T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.28992
published_at 2026-04-08T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.29035
published_at 2026-04-09T12:55:00Z
5
value 0.00134
scoring_system epss
scoring_elements 0.33149
published_at 2026-04-11T12:55:00Z
6
value 0.00134
scoring_system epss
scoring_elements 0.3311
published_at 2026-04-12T12:55:00Z
7
value 0.00134
scoring_system epss
scoring_elements 0.33087
published_at 2026-04-13T12:55:00Z
8
value 0.00134
scoring_system epss
scoring_elements 0.33128
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3724
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3724
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3724
2
reference_url https://github.com/wolfSSL/wolfssl/pull/6412
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-29T15:53:34Z/
url https://github.com/wolfSSL/wolfssl/pull/6412
3
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-29T15:53:34Z/
url https://www.wolfssl.com/docs/security-vulnerabilities/
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041699
reference_id 1041699
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041699
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3724
reference_id CVE-2023-3724
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3724
fixed_packages
0
url pkg:conan/wolfssl@5.6.3
purl pkg:conan/wolfssl@5.6.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.6.3
aliases CVE-2023-3724
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hguq-mr6k-jqd3
5
url VCID-kksg-tc63-23bm
vulnerability_id VCID-kksg-tc63-23bm
summary In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39173
reference_id
reference_type
scores
0
value 0.01374
scoring_system epss
scoring_elements 0.80194
published_at 2026-04-02T12:55:00Z
1
value 0.01374
scoring_system epss
scoring_elements 0.80214
published_at 2026-04-04T12:55:00Z
2
value 0.01374
scoring_system epss
scoring_elements 0.80203
published_at 2026-04-07T12:55:00Z
3
value 0.01374
scoring_system epss
scoring_elements 0.80232
published_at 2026-04-08T12:55:00Z
4
value 0.01374
scoring_system epss
scoring_elements 0.80242
published_at 2026-04-09T12:55:00Z
5
value 0.01374
scoring_system epss
scoring_elements 0.8026
published_at 2026-04-11T12:55:00Z
6
value 0.01374
scoring_system epss
scoring_elements 0.80245
published_at 2026-04-12T12:55:00Z
7
value 0.01374
scoring_system epss
scoring_elements 0.80239
published_at 2026-04-13T12:55:00Z
8
value 0.01374
scoring_system epss
scoring_elements 0.80269
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39173
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39173
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39173
2
reference_url https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/
url https://github.com/wolfSSL/wolfssl/releases
3
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/
url https://www.wolfssl.com/docs/security-vulnerabilities/
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
reference_id 1021021
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
5
reference_url http://seclists.org/fulldisclosure/2022/Oct/24
reference_id 24
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/
url http://seclists.org/fulldisclosure/2022/Oct/24
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39173
reference_id CVE-2022-39173
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-39173
7
reference_url http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html
reference_id wolfSSL-Buffer-Overflow.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/
url http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html
8
reference_url https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
reference_id wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/
url https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
fixed_packages
0
url pkg:conan/wolfssl@5.5.1
purl pkg:conan/wolfssl@5.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hguq-mr6k-jqd3
1
vulnerability VCID-ubye-e3yx-pfbb
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.5.1
aliases CVE-2022-39173
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kksg-tc63-23bm
6
url VCID-mtcu-yhz9-c7b8
vulnerability_id VCID-mtcu-yhz9-c7b8
summary
Improper Certificate Validation
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the `sig_algo` field differs between the `certificate_verify` message and the certificate message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25638
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34947
published_at 2026-04-02T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.34973
published_at 2026-04-04T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.34853
published_at 2026-04-07T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34898
published_at 2026-04-08T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.34927
published_at 2026-04-09T12:55:00Z
5
value 0.00145
scoring_system epss
scoring_elements 0.34931
published_at 2026-04-11T12:55:00Z
6
value 0.00145
scoring_system epss
scoring_elements 0.34894
published_at 2026-04-12T12:55:00Z
7
value 0.00145
scoring_system epss
scoring_elements 0.34871
published_at 2026-04-13T12:55:00Z
8
value 0.00145
scoring_system epss
scoring_elements 0.3491
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25638
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25638
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25638
2
reference_url https://github.com/wolfSSL/wolfssl/pull/4813
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/pull/4813
3
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
url https://www.wolfssl.com/docs/security-vulnerabilities/
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25638
reference_id CVE-2022-25638
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25638
fixed_packages
0
url pkg:conan/wolfssl@5.2.0
purl pkg:conan/wolfssl@5.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6n4g-us9a-53g4
1
vulnerability VCID-cum2-vp1j-syfc
2
vulnerability VCID-hguq-mr6k-jqd3
3
vulnerability VCID-kksg-tc63-23bm
4
vulnerability VCID-ubye-e3yx-pfbb
5
vulnerability VCID-x4tg-m9be-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.2.0
aliases CVE-2022-25638
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mtcu-yhz9-c7b8
7
url VCID-ubye-e3yx-pfbb
vulnerability_id VCID-ubye-e3yx-pfbb
summary In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42905
reference_id
reference_type
scores
0
value 0.06142
scoring_system epss
scoring_elements 0.90838
published_at 2026-04-16T12:55:00Z
1
value 0.06142
scoring_system epss
scoring_elements 0.90784
published_at 2026-04-04T12:55:00Z
2
value 0.06142
scoring_system epss
scoring_elements 0.90794
published_at 2026-04-07T12:55:00Z
3
value 0.06142
scoring_system epss
scoring_elements 0.90805
published_at 2026-04-08T12:55:00Z
4
value 0.06142
scoring_system epss
scoring_elements 0.90812
published_at 2026-04-09T12:55:00Z
5
value 0.06142
scoring_system epss
scoring_elements 0.9082
published_at 2026-04-12T12:55:00Z
6
value 0.06142
scoring_system epss
scoring_elements 0.90819
published_at 2026-04-13T12:55:00Z
7
value 0.06142
scoring_system epss
scoring_elements 0.90773
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42905
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42905
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42905
2
reference_url https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://github.com/wolfSSL/wolfssl/releases
3
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://www.wolfssl.com/docs/security-vulnerabilities/
4
reference_url http://seclists.org/fulldisclosure/2023/Jan/11
reference_id 11
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url http://seclists.org/fulldisclosure/2023/Jan/11
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42905
reference_id CVE-2022-42905
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42905
6
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
reference_id v5.5.2-stable
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
7
reference_url https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
reference_id wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
8
reference_url http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
reference_id wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
fixed_packages
0
url pkg:conan/wolfssl@5.6.3
purl pkg:conan/wolfssl@5.6.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.6.3
aliases CVE-2022-42905
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ubye-e3yx-pfbb
8
url VCID-x4tg-m9be-2yfe
vulnerability_id VCID-x4tg-m9be-2yfe
summary An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42961
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50516
published_at 2026-04-02T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50543
published_at 2026-04-04T12:55:00Z
2
value 0.00271
scoring_system epss
scoring_elements 0.50498
published_at 2026-04-07T12:55:00Z
3
value 0.00271
scoring_system epss
scoring_elements 0.50553
published_at 2026-04-08T12:55:00Z
4
value 0.00271
scoring_system epss
scoring_elements 0.5055
published_at 2026-04-09T12:55:00Z
5
value 0.00285
scoring_system epss
scoring_elements 0.52038
published_at 2026-04-13T12:55:00Z
6
value 0.00285
scoring_system epss
scoring_elements 0.52078
published_at 2026-04-16T12:55:00Z
7
value 0.00285
scoring_system epss
scoring_elements 0.52072
published_at 2026-04-11T12:55:00Z
8
value 0.00285
scoring_system epss
scoring_elements 0.52055
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42961
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42961
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42961
2
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:43:21Z/
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023574
reference_id 1023574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023574
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42961
reference_id CVE-2022-42961
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42961
fixed_packages
0
url pkg:conan/wolfssl@5.5.0
purl pkg:conan/wolfssl@5.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.5.0
1
url pkg:conan/wolfssl@5.5.1
purl pkg:conan/wolfssl@5.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hguq-mr6k-jqd3
1
vulnerability VCID-ubye-e3yx-pfbb
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.5.1
aliases CVE-2022-42961
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4tg-m9be-2yfe
Fixing_vulnerabilities
0
url VCID-h2vp-p7fd-7bev
vulnerability_id VCID-h2vp-p7fd-7bev
summary
Improper Handling of Exceptional Conditions
wolfSSL does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37155
reference_id
reference_type
scores
0
value 0.00513
scoring_system epss
scoring_elements 0.66455
published_at 2026-04-01T12:55:00Z
1
value 0.00513
scoring_system epss
scoring_elements 0.66494
published_at 2026-04-02T12:55:00Z
2
value 0.00513
scoring_system epss
scoring_elements 0.6652
published_at 2026-04-04T12:55:00Z
3
value 0.00513
scoring_system epss
scoring_elements 0.66492
published_at 2026-04-07T12:55:00Z
4
value 0.00513
scoring_system epss
scoring_elements 0.6654
published_at 2026-04-08T12:55:00Z
5
value 0.00513
scoring_system epss
scoring_elements 0.66554
published_at 2026-04-09T12:55:00Z
6
value 0.00513
scoring_system epss
scoring_elements 0.66573
published_at 2026-04-11T12:55:00Z
7
value 0.00513
scoring_system epss
scoring_elements 0.66561
published_at 2026-04-12T12:55:00Z
8
value 0.00513
scoring_system epss
scoring_elements 0.66529
published_at 2026-04-13T12:55:00Z
9
value 0.00513
scoring_system epss
scoring_elements 0.66564
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37155
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37155
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37155
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991443
reference_id 991443
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991443
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37155
reference_id CVE-2021-37155
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-37155
fixed_packages
0
url pkg:conan/wolfssl@4.8.1
purl pkg:conan/wolfssl@4.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3774-6bd4-8qcs
1
vulnerability VCID-6n4g-us9a-53g4
2
vulnerability VCID-av4q-73pk-tucd
3
vulnerability VCID-cum2-vp1j-syfc
4
vulnerability VCID-hguq-mr6k-jqd3
5
vulnerability VCID-kksg-tc63-23bm
6
vulnerability VCID-mtcu-yhz9-c7b8
7
vulnerability VCID-ubye-e3yx-pfbb
8
vulnerability VCID-x4tg-m9be-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@4.8.1
aliases CVE-2021-37155
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2vp-p7fd-7bev
1
url VCID-yyy6-k4y2-s3ep
vulnerability_id VCID-yyy6-k4y2-s3ep
summary
Insufficient Verification of Data Authenticity
wolfSSL incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38597
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.39884
published_at 2026-04-01T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.40032
published_at 2026-04-02T12:55:00Z
2
value 0.00183
scoring_system epss
scoring_elements 0.40059
published_at 2026-04-04T12:55:00Z
3
value 0.00183
scoring_system epss
scoring_elements 0.39979
published_at 2026-04-07T12:55:00Z
4
value 0.00183
scoring_system epss
scoring_elements 0.40033
published_at 2026-04-08T12:55:00Z
5
value 0.00183
scoring_system epss
scoring_elements 0.40047
published_at 2026-04-09T12:55:00Z
6
value 0.00183
scoring_system epss
scoring_elements 0.40057
published_at 2026-04-11T12:55:00Z
7
value 0.00183
scoring_system epss
scoring_elements 0.4002
published_at 2026-04-12T12:55:00Z
8
value 0.00183
scoring_system epss
scoring_elements 0.4
published_at 2026-04-13T12:55:00Z
9
value 0.00183
scoring_system epss
scoring_elements 0.4005
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38597
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38597
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38597
2
reference_url https://www.wolfssl.com/docs/wolfssl-changelog/
reference_id
reference_type
scores
url https://www.wolfssl.com/docs/wolfssl-changelog/
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992174
reference_id 992174
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992174
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38597
reference_id CVE-2021-38597
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-38597
fixed_packages
0
url pkg:conan/wolfssl@4.8.1
purl pkg:conan/wolfssl@4.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3774-6bd4-8qcs
1
vulnerability VCID-6n4g-us9a-53g4
2
vulnerability VCID-av4q-73pk-tucd
3
vulnerability VCID-cum2-vp1j-syfc
4
vulnerability VCID-hguq-mr6k-jqd3
5
vulnerability VCID-kksg-tc63-23bm
6
vulnerability VCID-mtcu-yhz9-c7b8
7
vulnerability VCID-ubye-e3yx-pfbb
8
vulnerability VCID-x4tg-m9be-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@4.8.1
aliases CVE-2021-38597
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyy6-k4y2-s3ep
Risk_score 4.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@4.8.1