Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/43502?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/43502?format=api", "purl": "pkg:conan/wolfssl@5.0.0", "type": "conan", "namespace": "", "name": "wolfssl", "version": "5.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.6.3", "latest_non_vulnerable_version": "5.6.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95002?format=api", "vulnerability_id": "VCID-3774-6bd4-8qcs", "summary": "wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42779", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42849", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42877", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42816", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42867", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4288", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42866", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4291", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42897", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42835", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44718" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44718", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44718" }, { "reference_url": "https://github.com/wolfSSL/wolfssl/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/wolfSSL/wolfssl/releases" }, { "reference_url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44718", "reference_id": "CVE-2021-44718", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44718" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43503?format=api", "purl": "pkg:conan/wolfssl@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6n4g-us9a-53g4" }, { "vulnerability": "VCID-av4q-73pk-tucd" }, { "vulnerability": "VCID-cum2-vp1j-syfc" }, { "vulnerability": "VCID-hguq-mr6k-jqd3" }, { "vulnerability": "VCID-kksg-tc63-23bm" }, { "vulnerability": "VCID-mtcu-yhz9-c7b8" }, { "vulnerability": "VCID-ubye-e3yx-pfbb" }, { "vulnerability": "VCID-x4tg-m9be-2yfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.1.1" } ], "aliases": [ "CVE-2021-44718" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3774-6bd4-8qcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12219?format=api", "vulnerability_id": "VCID-ykdv-43ha-muhg", "summary": "Use of Insufficiently Random Values\nwolfSSL uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS or DTLS This occurs because of misplaced memory initialization in BuildMessage in internal.c.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51567", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51554", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51608", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51604", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51654", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51633", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51616", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51658", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51665", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51644", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23408" }, { "reference_url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-511-jan-3rd-2022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-511-jan-3rd-2022" }, { "reference_url": "https://github.com/wolfSSL/wolfssl/pull/4710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/wolfSSL/wolfssl/pull/4710" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004181", "reference_id": "1004181", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004181" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23408", "reference_id": "CVE-2022-23408", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23408" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43503?format=api", "purl": "pkg:conan/wolfssl@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6n4g-us9a-53g4" }, { "vulnerability": "VCID-av4q-73pk-tucd" }, { "vulnerability": "VCID-cum2-vp1j-syfc" }, { "vulnerability": "VCID-hguq-mr6k-jqd3" }, { "vulnerability": "VCID-kksg-tc63-23bm" }, { "vulnerability": "VCID-mtcu-yhz9-c7b8" }, { "vulnerability": "VCID-ubye-e3yx-pfbb" }, { "vulnerability": "VCID-x4tg-m9be-2yfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.1.1" } ], "aliases": [ "CVE-2022-23408" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykdv-43ha-muhg" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.0.0" }