Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie

Type deb

Namespace debian

Name wolfssl

Version 5.5.3-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 5.5.4-2+deb12u1

Latest_non_vulnerable_version 5.9.1-0.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6n4g-us9a-53g4

vulnerability_id VCID-6n4g-us9a-53g4

summary An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-38152

reference_id

reference_type

scores

value	0.02711
scoring_system	epss
scoring_elements	0.85849
published_at	2026-04-02T12:55:00Z

value	0.02711
scoring_system	epss
scoring_elements	0.85867
published_at	2026-04-04T12:55:00Z

value	0.02711
scoring_system	epss
scoring_elements	0.85871
published_at	2026-04-07T12:55:00Z

value	0.02711
scoring_system	epss
scoring_elements	0.85889
published_at	2026-04-08T12:55:00Z

value	0.02711
scoring_system	epss
scoring_elements	0.85899
published_at	2026-04-09T12:55:00Z

value	0.02711
scoring_system	epss
scoring_elements	0.85914
published_at	2026-04-11T12:55:00Z

value	0.02711
scoring_system	epss
scoring_elements	0.85911
published_at	2026-04-12T12:55:00Z

value	0.02711
scoring_system	epss
scoring_elements	0.85906
published_at	2026-04-13T12:55:00Z

value	0.02711
scoring_system	epss
scoring_elements	0.85924
published_at	2026-04-16T12:55:00Z

value	0.02711
scoring_system	epss
scoring_elements	0.85928
published_at	2026-04-18T12:55:00Z

value	0.02711
scoring_system	epss
scoring_elements	0.85919
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-38152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38152

reference_url	https://github.com/tlspuffin/tlspuffin
reference_id
reference_type
scores
url	https://github.com/tlspuffin/tlspuffin

reference_url	https://github.com/wolfSSL/wolfssl/pull/5468
reference_id
reference_type
scores
url	https://github.com/wolfSSL/wolfssl/pull/5468

reference_url	https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
url	https://github.com/wolfSSL/wolfssl/releases

reference_url	https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
url	https://www.wolfssl.com/docs/security-vulnerabilities/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
reference_id	1021021
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-38152
reference_id	CVE-2022-38152
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-38152

fixed_packages

url	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.3-1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie

aliases CVE-2022-38152

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6n4g-us9a-53g4

url VCID-cum2-vp1j-syfc

vulnerability_id VCID-cum2-vp1j-syfc

summary wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34293

reference_id

reference_type

scores

value	0.00962
scoring_system	epss
scoring_elements	0.76437
published_at	2026-04-02T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.76466
published_at	2026-04-04T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.76448
published_at	2026-04-07T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.7648
published_at	2026-04-08T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.76494
published_at	2026-04-09T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.7652
published_at	2026-04-11T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.76499
published_at	2026-04-12T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.76493
published_at	2026-04-13T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.76533
published_at	2026-04-16T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.76537
published_at	2026-04-18T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.76526
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34293

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34293
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34293

reference_url	https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
reference_id
reference_type
scores
url	https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable

reference_url	http://www.openwall.com/lists/oss-security/2022/08/08/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2022/08/08/6

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016981
reference_id	1016981
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016981

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-34293
reference_id	CVE-2022-34293
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-34293

fixed_packages

url	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.3-1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie

aliases CVE-2022-34293

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cum2-vp1j-syfc

url VCID-k32r-azxg-9yh3

vulnerability_id VCID-k32r-azxg-9yh3

summary An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-38153

reference_id

reference_type

scores

value	0.00568
scoring_system	epss
scoring_elements	0.68481
published_at	2026-04-02T12:55:00Z

value	0.00568
scoring_system	epss
scoring_elements	0.685
published_at	2026-04-04T12:55:00Z

value	0.00568
scoring_system	epss
scoring_elements	0.68477
published_at	2026-04-07T12:55:00Z

value	0.00568
scoring_system	epss
scoring_elements	0.68527
published_at	2026-04-13T12:55:00Z

value	0.00568
scoring_system	epss
scoring_elements	0.68544
published_at	2026-04-09T12:55:00Z

value	0.00568
scoring_system	epss
scoring_elements	0.68571
published_at	2026-04-11T12:55:00Z

value	0.00568
scoring_system	epss
scoring_elements	0.68558
published_at	2026-04-21T12:55:00Z

value	0.00568
scoring_system	epss
scoring_elements	0.68567
published_at	2026-04-16T12:55:00Z

value	0.00568
scoring_system	epss
scoring_elements	0.6858
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-38153

reference_url	https://github.com/trailofbits/tlspuffin
reference_id
reference_type
scores
url	https://github.com/trailofbits/tlspuffin

reference_url	https://github.com/wolfSSL/wolfssl/pull/5476
reference_id
reference_type
scores
url	https://github.com/wolfSSL/wolfssl/pull/5476

reference_url	https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
url	https://github.com/wolfSSL/wolfssl/releases

reference_url	https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
url	https://www.wolfssl.com/docs/security-vulnerabilities/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
reference_id	1021021
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-38153
reference_id	CVE-2022-38153
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-38153

fixed_packages

url	pkg:deb/debian/wolfssl@0?distro=trixie
purl	pkg:deb/debian/wolfssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@0%3Fdistro=trixie

url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6n4g-us9a-53g4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cum2-vp1j-syfc

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f4gq-hqcp-dqe2

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.3-1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie

aliases CVE-2022-38153

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k32r-azxg-9yh3

url VCID-kksg-tc63-23bm

vulnerability_id VCID-kksg-tc63-23bm

summary In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39173

reference_id

reference_type

scores

value	0.01374
scoring_system	epss
scoring_elements	0.80194
published_at	2026-04-02T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80232
published_at	2026-04-08T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80242
published_at	2026-04-09T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.8026
published_at	2026-04-11T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80245
published_at	2026-04-12T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80239
published_at	2026-04-13T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80269
published_at	2026-04-16T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80271
published_at	2026-04-18T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80274
published_at	2026-04-21T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80214
published_at	2026-04-04T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80203
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39173

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39173
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39173

reference_url

https://github.com/wolfSSL/wolfssl/releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/

url

https://github.com/wolfSSL/wolfssl/releases

reference_url

https://www.wolfssl.com/docs/security-vulnerabilities/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/

url

https://www.wolfssl.com/docs/security-vulnerabilities/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
reference_id	1021021
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021

reference_url

http://seclists.org/fulldisclosure/2022/Oct/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/

url

http://seclists.org/fulldisclosure/2022/Oct/24

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-39173
reference_id	CVE-2022-39173
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-39173

reference_url

http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html

reference_id

wolfSSL-Buffer-Overflow.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/

url

http://packetstormsecurity.com/files/169600/wolfSSL-Buffer-Overflow.html

reference_url

https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

reference_id

wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:43:15Z/

url

https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

fixed_packages

url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6n4g-us9a-53g4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cum2-vp1j-syfc

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f4gq-hqcp-dqe2

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.3-1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie

aliases CVE-2022-39173

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kksg-tc63-23bm

url VCID-ubye-e3yx-pfbb

vulnerability_id VCID-ubye-e3yx-pfbb

summary In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42905

reference_id

reference_type

scores

value	0.06142
scoring_system	epss
scoring_elements	0.90836
published_at	2026-04-21T12:55:00Z

value	0.06142
scoring_system	epss
scoring_elements	0.90784
published_at	2026-04-04T12:55:00Z

value	0.06142
scoring_system	epss
scoring_elements	0.90794
published_at	2026-04-07T12:55:00Z

value	0.06142
scoring_system	epss
scoring_elements	0.90805
published_at	2026-04-08T12:55:00Z

value	0.06142
scoring_system	epss
scoring_elements	0.90812
published_at	2026-04-09T12:55:00Z

value	0.06142
scoring_system	epss
scoring_elements	0.9082
published_at	2026-04-12T12:55:00Z

value	0.06142
scoring_system	epss
scoring_elements	0.90819
published_at	2026-04-13T12:55:00Z

value	0.06142
scoring_system	epss
scoring_elements	0.90838
published_at	2026-04-16T12:55:00Z

value	0.06142
scoring_system	epss
scoring_elements	0.90773
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42905

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42905

reference_url

https://github.com/wolfSSL/wolfssl/releases

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

https://github.com/wolfSSL/wolfssl/releases

reference_url

https://www.wolfssl.com/docs/security-vulnerabilities/

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

https://www.wolfssl.com/docs/security-vulnerabilities/

reference_url

http://seclists.org/fulldisclosure/2023/Jan/11

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

http://seclists.org/fulldisclosure/2023/Jan/11

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-42905
reference_id	CVE-2022-42905
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-42905

reference_url

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable

reference_id

v5.5.2-stable

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable

reference_url

https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

reference_id

wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

reference_url

http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html

reference_id

wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html

fixed_packages

url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6n4g-us9a-53g4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cum2-vp1j-syfc

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f4gq-hqcp-dqe2

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.3-1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie

aliases CVE-2022-42905

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ubye-e3yx-pfbb

url VCID-x4tg-m9be-2yfe

vulnerability_id VCID-x4tg-m9be-2yfe

summary An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42961

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50516
published_at	2026-04-02T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50543
published_at	2026-04-04T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50498
published_at	2026-04-07T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50553
published_at	2026-04-08T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.5055
published_at	2026-04-09T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52084
published_at	2026-04-18T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52065
published_at	2026-04-21T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52072
published_at	2026-04-11T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52055
published_at	2026-04-12T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52038
published_at	2026-04-13T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52078
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42961

reference_url

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:43:21Z/

url

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023574
reference_id	1023574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023574

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-42961
reference_id	CVE-2022-42961
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-42961

fixed_packages

url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6n4g-us9a-53g4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cum2-vp1j-syfc

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f4gq-hqcp-dqe2

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.3-1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15fz-hhc7-kyaa

vulnerability	VCID-24mg-wn6a-6bew

vulnerability	VCID-3gve-u4f4-bkht

vulnerability	VCID-4zyq-af27-yqa4

vulnerability	VCID-75y2-h9uk-n3a6

vulnerability	VCID-9jb1-k32z-w7gw

vulnerability	VCID-bfap-h1d9-33dj

vulnerability	VCID-cv4y-g4un-ckd4

vulnerability	VCID-f5kd-yqz2-nkcb

vulnerability	VCID-g5u9-khw6-4kgn

vulnerability	VCID-gtdh-mytb-t3fh

vulnerability	VCID-hdbf-118z-2yec

vulnerability	VCID-jc3b-m4ud-n7fw

vulnerability	VCID-jvnf-vh29-ufdh

vulnerability	VCID-n6uz-fe7m-uqhk

vulnerability	VCID-nqhj-d7uw-43hd

vulnerability	VCID-srmp-3tvp-9uhv

vulnerability	VCID-u55w-unmd-97cm

vulnerability	VCID-udcq-enxt-wyf1

vulnerability	VCID-ugd8-9xzt-xbdz

vulnerability	VCID-vugd-2jfz-23b5

vulnerability	VCID-x3uy-7crx-2kae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie

aliases CVE-2022-42961

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4tg-m9be-2yfe

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.3-1%3Fdistro=trixie

Package Instance