Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/934057?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/934057?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u2?distro=trixie", "type": "deb", "namespace": "debian", "name": "openssl", "version": "1.1.1w-0+deb11u2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.1.1w-0+deb11u3", "latest_non_vulnerable_version": "3.6.2-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75049?format=api", "vulnerability_id": "VCID-bfv6-sbnh-5uh5", "summary": "openssl: SSL_select_next_proto buffer overread", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5535.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0505", "scoring_system": "epss", "scoring_elements": "0.89749", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0505", "scoring_system": "epss", "scoring_elements": "0.89767", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05181", "scoring_system": "epss", "scoring_elements": "0.89921", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05181", "scoring_system": "epss", "scoring_elements": "0.89872", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05181", "scoring_system": "epss", "scoring_elements": "0.89885", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05181", "scoring_system": "epss", "scoring_elements": "0.89912", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05181", "scoring_system": "epss", "scoring_elements": "0.8992", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05181", "scoring_system": "epss", "scoring_elements": "0.89918", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05181", "scoring_system": "epss", "scoring_elements": "0.89911", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05181", "scoring_system": "epss", "scoring_elements": "0.89925", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05181", "scoring_system": "epss", "scoring_elements": "0.89926", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5535" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074487", "reference_id": "1074487", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074487" }, { "reference_url": "https://www.openssl.org/news/secadv/20240627.txt", "reference_id": "20240627.txt", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T13:50:16Z/" } ], "url": "https://www.openssl.org/news/secadv/20240627.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294581", "reference_id": "2294581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294581" }, { "reference_url": "https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37", "reference_id": "4ada436a1946cbb24db5ab4ca082b69c1bc10f37", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T13:50:16Z/" } ], "url": "https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c", "reference_id": "9947251413065a05189a63c9b7a6c1d4e224c21c", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T13:50:16Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c" }, { "reference_url": "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e", "reference_id": "99fb785a5f85315b95288921a321a935ea29a51e", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T13:50:16Z/" } ], "url": "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87", "reference_id": "b78ec0824da857223486660177d3b1f255c65d87", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T13:50:16Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87" }, { "reference_url": "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c", "reference_id": "cf6f91f6121f4db167405db2f0de410a456f260c", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T13:50:16Z/" } ], "url": "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c" }, { "reference_url": "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c", "reference_id": "e86ac436f0bd54d4517745483e2315650fae7b2c", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T13:50:16Z/" } ], "url": "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7846", "reference_id": "RHSA-2024:7846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7847", "reference_id": "RHSA-2024:7847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7848", "reference_id": "RHSA-2024:7848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9333", "reference_id": "RHSA-2024:9333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1671", "reference_id": "RHSA-2025:1671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1673", "reference_id": "RHSA-2025:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3452", "reference_id": "RHSA-2025:3452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3453", "reference_id": "RHSA-2025:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3453" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3666", "reference_id": "RHSA-2025:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3666" }, { "reference_url": "https://usn.ubuntu.com/6937-1/", "reference_id": "USN-6937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6937-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933951?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-8gde-1md7-5yak" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934057?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934065?format=api", "purl": "pkg:deb/debian/openssl@3.0.15-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.15-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933949?format=api", "purl": "pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8gde-1md7-5yak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934066?format=api", "purl": "pkg:deb/debian/openssl@3.3.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.3.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933953?format=api", "purl": "pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7f9q-mhsr-8bfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933952?format=api", "purl": "pkg:deb/debian/openssl@3.6.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74wu-sup9-cybb" }, { "vulnerability": "VCID-7f9q-mhsr-8bfq" }, { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062518?format=api", "purl": "pkg:deb/debian/openssl@3.6.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-5535" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bfv6-sbnh-5uh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76931?format=api", "vulnerability_id": "VCID-efpm-7cfa-z7hx", "summary": "openssl: Unbounded memory growth with session handling in TLSv1.3", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2511.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03021", "scoring_system": "epss", "scoring_elements": "0.86635", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03021", "scoring_system": "epss", "scoring_elements": "0.86612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03021", "scoring_system": "epss", "scoring_elements": "0.86616", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03021", "scoring_system": "epss", "scoring_elements": "0.86623", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03021", "scoring_system": "epss", "scoring_elements": "0.86626", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03021", "scoring_system": "epss", "scoring_elements": "0.86629", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86825", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03875", "scoring_system": "epss", "scoring_elements": "0.88227", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03875", "scoring_system": "epss", "scoring_elements": "0.88186", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03875", "scoring_system": "epss", "scoring_elements": "0.88201", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03875", "scoring_system": "epss", "scoring_elements": "0.88207", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2511" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658", "reference_id": "1068658", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658" }, { "reference_url": "https://www.openssl.org/news/secadv/20240408.txt", "reference_id": "20240408.txt", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T15:14:41Z/" } ], "url": "https://www.openssl.org/news/secadv/20240408.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274020", "reference_id": "2274020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274020" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640", "reference_id": "5f8d25770ae6437db119dfc951e207271a326640", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T15:14:41Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640" }, { "reference_url": "https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce", "reference_id": "7e4d731b1c07201ad9374c1cd9ac5263bdf35bce", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T15:14:41Z/" } ], "url": "https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce" }, { "reference_url": "https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d", "reference_id": "b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T15:14:41Z/" } ], "url": "https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d" }, { "reference_url": "https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08", "reference_id": "e9d7083e241670332e0443da0f0d4ffb52829f08", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T15:14:41Z/" } ], "url": "https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9333", "reference_id": "RHSA-2024:9333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9333" }, { "reference_url": "https://usn.ubuntu.com/6937-1/", "reference_id": "USN-6937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6937-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933951?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-8gde-1md7-5yak" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934057?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934063?format=api", "purl": "pkg:deb/debian/openssl@3.0.14-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.14-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933949?format=api", "purl": "pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8gde-1md7-5yak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934064?format=api", "purl": "pkg:deb/debian/openssl@3.2.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.2.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933953?format=api", "purl": "pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7f9q-mhsr-8bfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933952?format=api", "purl": "pkg:deb/debian/openssl@3.6.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74wu-sup9-cybb" }, { "vulnerability": "VCID-7f9q-mhsr-8bfq" }, { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062518?format=api", "purl": "pkg:deb/debian/openssl@3.6.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-2511" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-efpm-7cfa-z7hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73537?format=api", "vulnerability_id": "VCID-gz4c-x1gb-muat", "summary": "openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70565", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70556", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70512", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70526", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70542", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70518", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70503", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70457", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70462", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70479", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0089", "scoring_system": "epss", "scoring_elements": "0.75555", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085378", "reference_id": "1085378", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085378" }, { "reference_url": "https://openssl-library.org/news/secadv/20241016.txt", "reference_id": "20241016.txt", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/" } ], "url": "https://openssl-library.org/news/secadv/20241016.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319236", "reference_id": "2319236", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319236" }, { "reference_url": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712", "reference_id": "72ae83ad214d2eef262461365a1975707f862712", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/" } ], "url": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a", "reference_id": "8efc0cbaa8ebba8e116f7b81a876a4123594d86a", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41", "reference_id": "9d576994cec2b7aa37a91740ea7e680810957e41", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41" }, { "reference_url": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700", "reference_id": "bc7e04d7c8d509fb78fc0e285aa948fb0da04700", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/" } ], "url": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700" }, { "reference_url": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4", "reference_id": "c0d3e4d32d2805f49bec30547f225bc4d092e1f4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/" } ], "url": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4" }, { "reference_url": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154", "reference_id": "fdf6723362ca51bd883295efe206cb5b1cfa5154", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/" } ], "url": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154" }, { "reference_url": "https://usn.ubuntu.com/7264-1/", "reference_id": "USN-7264-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7264-1/" }, { "reference_url": "https://usn.ubuntu.com/7278-1/", "reference_id": "USN-7278-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7278-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933951?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-8gde-1md7-5yak" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934057?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934065?format=api", "purl": "pkg:deb/debian/openssl@3.0.15-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.15-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933949?format=api", "purl": "pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8gde-1md7-5yak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934068?format=api", "purl": "pkg:deb/debian/openssl@3.3.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.3.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933953?format=api", "purl": "pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7f9q-mhsr-8bfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933952?format=api", "purl": "pkg:deb/debian/openssl@3.6.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74wu-sup9-cybb" }, { "vulnerability": "VCID-7f9q-mhsr-8bfq" }, { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062518?format=api", "purl": "pkg:deb/debian/openssl@3.6.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-9143" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gz4c-x1gb-muat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14009?format=api", "vulnerability_id": "VCID-hpev-apm4-sqfw", "summary": "Null pointer dereference in PKCS12 parsing\nIssue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0727.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0727.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4659", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46556", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46528", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46593", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46537", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46509", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46529", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46477", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46533", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2" }, { "reference_url": "https://github.com/github/advisory-database/pull/3472", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/3472" }, { "reference_url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2" }, { "reference_url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a" }, { "reference_url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c" }, { "reference_url": "https://github.com/openssl/openssl/pull/23362", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openssl/openssl/pull/23362" }, { "reference_url": "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240208-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240208-0006" }, { "reference_url": "https://www.openssl.org/news/secadv/20240125.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/" } ], "url": "https://www.openssl.org/news/secadv/20240125.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/11/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061582", "reference_id": "1061582", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061582" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", "reference_id": "2259944", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259944" }, { "reference_url": "https://github.com/advisories/GHSA-9v9h-cgj8-h64p", "reference_id": "GHSA-9v9h-cgj8-h64p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9v9h-cgj8-h64p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2447", "reference_id": "RHSA-2024:2447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9088", "reference_id": "RHSA-2024:9088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9088" }, { "reference_url": "https://usn.ubuntu.com/6622-1/", "reference_id": "USN-6622-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6622-1/" }, { "reference_url": "https://usn.ubuntu.com/6632-1/", "reference_id": "USN-6632-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6632-1/" }, { "reference_url": "https://usn.ubuntu.com/6709-1/", "reference_id": "USN-6709-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6709-1/" }, { "reference_url": "https://usn.ubuntu.com/7018-1/", "reference_id": "USN-7018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7018-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933951?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-8gde-1md7-5yak" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934057?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934056?format=api", "purl": "pkg:deb/debian/openssl@3.0.13-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.13-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933949?format=api", "purl": "pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8gde-1md7-5yak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934059?format=api", "purl": "pkg:deb/debian/openssl@3.1.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.1.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933953?format=api", "purl": "pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7f9q-mhsr-8bfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933952?format=api", "purl": "pkg:deb/debian/openssl@3.6.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74wu-sup9-cybb" }, { "vulnerability": "VCID-7f9q-mhsr-8bfq" }, { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062518?format=api", "purl": "pkg:deb/debian/openssl@3.6.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-0727", "GHSA-9v9h-cgj8-h64p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpev-apm4-sqfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75509?format=api", "vulnerability_id": "VCID-jq5s-hzam-zfda", "summary": "openssl: Use After Free with SSL_free_buffers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4741.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4741.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4741", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49905", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58131", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58119", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58094", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58148", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58152", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58167", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58144", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58124", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58155", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4741" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072113", "reference_id": "1072113", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072113" }, { "reference_url": "https://www.openssl.org/news/secadv/20240528.txt", "reference_id": "20240528.txt", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/" } ], "url": "https://www.openssl.org/news/secadv/20240528.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283757", "reference_id": "2283757", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283757" }, { "reference_url": "https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177", "reference_id": "704f725b96aa373ee45ecfb23f6abfe8be8d9177", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/" } ], "url": "https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177" }, { "reference_url": "https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d", "reference_id": "b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/" } ], "url": "https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d" }, { "reference_url": "https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac", "reference_id": "c88c3de51020c37e8706bf7a682a162593053aac", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/" } ], "url": "https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac" }, { "reference_url": "https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8", "reference_id": "e5093133c35ca82874ad83697af76f4b0f7e3bd8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/" } ], "url": "https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4", "reference_id": "f7a045f3143fc6da2ee66bf52d8df04829590dd4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9333", "reference_id": "RHSA-2024:9333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9333" }, { "reference_url": "https://usn.ubuntu.com/6937-1/", "reference_id": "USN-6937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6937-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933951?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-8gde-1md7-5yak" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934057?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934063?format=api", "purl": "pkg:deb/debian/openssl@3.0.14-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.14-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933949?format=api", "purl": "pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8gde-1md7-5yak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934064?format=api", "purl": "pkg:deb/debian/openssl@3.2.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.2.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933953?format=api", "purl": "pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7f9q-mhsr-8bfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933952?format=api", "purl": "pkg:deb/debian/openssl@3.6.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74wu-sup9-cybb" }, { "vulnerability": "VCID-7f9q-mhsr-8bfq" }, { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062518?format=api", "purl": "pkg:deb/debian/openssl@3.6.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-4741" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jq5s-hzam-zfda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19698?format=api", "vulnerability_id": "VCID-sn5k-3e59-7ba8", "summary": "Improper Check for Unusual or Exceptional Conditions\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() does not make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it does not check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5678.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5678.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5678", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70523", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70482", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70498", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70507", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70492", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70535", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70543", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.7097", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.70945", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.70953", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "reference_url": "https://www.openssl.org/news/secadv/20231106.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/" } ], "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055473", "reference_id": "1055473", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055473" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", "reference_id": "2248616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248616" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", "reference_id": "CVE-2023-5678", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7877", "reference_id": "RHSA-2023:7877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0154", "reference_id": "RHSA-2024:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0208", "reference_id": "RHSA-2024:0208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1316", "reference_id": "RHSA-2024:1316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1317", "reference_id": "RHSA-2024:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1318", "reference_id": "RHSA-2024:1318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1319", "reference_id": "RHSA-2024:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1325", "reference_id": "RHSA-2024:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2447", "reference_id": "RHSA-2024:2447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2447" }, { "reference_url": "https://usn.ubuntu.com/6622-1/", "reference_id": "USN-6622-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6622-1/" }, { "reference_url": "https://usn.ubuntu.com/6632-1/", "reference_id": "USN-6632-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6632-1/" }, { "reference_url": "https://usn.ubuntu.com/6709-1/", "reference_id": "USN-6709-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6709-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/933951?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-8gde-1md7-5yak" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934057?format=api", "purl": "pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934058?format=api", "purl": "pkg:deb/debian/openssl@3.0.12-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.12-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/934056?format=api", "purl": "pkg:deb/debian/openssl@3.0.13-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.13-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933949?format=api", "purl": "pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8gde-1md7-5yak" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933953?format=api", "purl": "pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7f9q-mhsr-8bfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/933952?format=api", "purl": "pkg:deb/debian/openssl@3.6.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74wu-sup9-cybb" }, { "vulnerability": "VCID-7f9q-mhsr-8bfq" }, { "vulnerability": "VCID-87vs-4p6w-xbgq" }, { "vulnerability": "VCID-cef8-2p5t-bff7" }, { "vulnerability": "VCID-f2na-rtsu-ffad" }, { "vulnerability": "VCID-hgvf-vxhr-cye8" }, { "vulnerability": "VCID-wuwm-ksb1-6qd5" }, { "vulnerability": "VCID-zkc9-huk8-27bc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1062518?format=api", "purl": "pkg:deb/debian/openssl@3.6.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-5678" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sn5k-3e59-7ba8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u2%3Fdistro=trixie" }