Lookup for vulnerable packages by Package URL.

Purl pkg:conan/wolfssl@5.6.3
Type conan
Namespace
Name wolfssl
Version 5.6.3
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-hguq-mr6k-jqd3
vulnerability_id VCID-hguq-mr6k-jqd3
summary
Improper Certificate Validation
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3724
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.29064
published_at 2026-04-02T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.29115
published_at 2026-04-04T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.28927
published_at 2026-04-07T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.28992
published_at 2026-04-08T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.29035
published_at 2026-04-09T12:55:00Z
5
value 0.00134
scoring_system epss
scoring_elements 0.3311
published_at 2026-04-12T12:55:00Z
6
value 0.00134
scoring_system epss
scoring_elements 0.33087
published_at 2026-04-13T12:55:00Z
7
value 0.00134
scoring_system epss
scoring_elements 0.33128
published_at 2026-04-16T12:55:00Z
8
value 0.00134
scoring_system epss
scoring_elements 0.33105
published_at 2026-04-18T12:55:00Z
9
value 0.00134
scoring_system epss
scoring_elements 0.33149
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3724
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3724
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3724
2
reference_url https://github.com/wolfSSL/wolfssl/pull/6412
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-29T15:53:34Z/
url https://github.com/wolfSSL/wolfssl/pull/6412
3
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-29T15:53:34Z/
url https://www.wolfssl.com/docs/security-vulnerabilities/
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041699
reference_id 1041699
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041699
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3724
reference_id CVE-2023-3724
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3724
fixed_packages
0
url pkg:conan/wolfssl@5.6.3
purl pkg:conan/wolfssl@5.6.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.6.3
aliases CVE-2023-3724
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hguq-mr6k-jqd3
1
url VCID-ubye-e3yx-pfbb
vulnerability_id VCID-ubye-e3yx-pfbb
summary In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42905
reference_id
reference_type
scores
0
value 0.06142
scoring_system epss
scoring_elements 0.90836
published_at 2026-04-18T12:55:00Z
1
value 0.06142
scoring_system epss
scoring_elements 0.90784
published_at 2026-04-04T12:55:00Z
2
value 0.06142
scoring_system epss
scoring_elements 0.90794
published_at 2026-04-07T12:55:00Z
3
value 0.06142
scoring_system epss
scoring_elements 0.90805
published_at 2026-04-08T12:55:00Z
4
value 0.06142
scoring_system epss
scoring_elements 0.90812
published_at 2026-04-09T12:55:00Z
5
value 0.06142
scoring_system epss
scoring_elements 0.9082
published_at 2026-04-12T12:55:00Z
6
value 0.06142
scoring_system epss
scoring_elements 0.90819
published_at 2026-04-13T12:55:00Z
7
value 0.06142
scoring_system epss
scoring_elements 0.90838
published_at 2026-04-16T12:55:00Z
8
value 0.06142
scoring_system epss
scoring_elements 0.90773
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42905
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42905
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42905
2
reference_url https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://github.com/wolfSSL/wolfssl/releases
3
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://www.wolfssl.com/docs/security-vulnerabilities/
4
reference_url http://seclists.org/fulldisclosure/2023/Jan/11
reference_id 11
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url http://seclists.org/fulldisclosure/2023/Jan/11
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42905
reference_id CVE-2022-42905
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-42905
6
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
reference_id v5.5.2-stable
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
7
reference_url https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
reference_id wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/
8
reference_url http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
reference_id wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/
url http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html
fixed_packages
0
url pkg:conan/wolfssl@5.6.3
purl pkg:conan/wolfssl@5.6.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.6.3
aliases CVE-2022-42905
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ubye-e3yx-pfbb
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.6.3