Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/wolfssl@5.6.6-1.2?distro=trixie
Typedeb
Namespacedebian
Namewolfssl
Version5.6.6-1.2
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version5.7.0-0.3
Latest_non_vulnerable_version5.9.1-0.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-24s5-d6jt-4kfe
vulnerability_id VCID-24s5-d6jt-4kfe
summary In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6936
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50822
published_at 2026-04-21T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.50814
published_at 2026-04-12T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50837
published_at 2026-04-16T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50843
published_at 2026-04-18T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50761
published_at 2026-04-02T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50786
published_at 2026-04-04T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50743
published_at 2026-04-07T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50799
published_at 2026-04-13T12:55:00Z
8
value 0.00274
scoring_system epss
scoring_elements 0.50795
published_at 2026-04-09T12:55:00Z
9
value 0.00274
scoring_system epss
scoring_elements 0.50838
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6936
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6936
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6936
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
reference_id 1059357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
3
reference_url https://github.com/wolfSSL/wolfssl/pull/6949/
reference_id 6949
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T14:22:41Z/
url https://github.com/wolfSSL/wolfssl/pull/6949/
fixed_packages
0
url pkg:deb/debian/wolfssl@5.6.6-1.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.6.6-1.2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.6.6-1.2%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-2ry7-trrg-gfdk
3
vulnerability VCID-3gve-u4f4-bkht
4
vulnerability VCID-4zda-zrq6-hbc8
5
vulnerability VCID-4zyq-af27-yqa4
6
vulnerability VCID-6v8z-cfax-zqbh
7
vulnerability VCID-75y2-h9uk-n3a6
8
vulnerability VCID-8735-ectc-j7a3
9
vulnerability VCID-9jb1-k32z-w7gw
10
vulnerability VCID-9jpj-dfsf-qkce
11
vulnerability VCID-9jw2-3v9v-ruap
12
vulnerability VCID-9kev-ferz-5bhr
13
vulnerability VCID-9x14-2t7m-1kbm
14
vulnerability VCID-bfap-h1d9-33dj
15
vulnerability VCID-cv4y-g4un-ckd4
16
vulnerability VCID-cxhw-3w24-dkes
17
vulnerability VCID-f57c-kamk-3bct
18
vulnerability VCID-f5kd-yqz2-nkcb
19
vulnerability VCID-fmtp-x6y7-83g1
20
vulnerability VCID-g5u9-khw6-4kgn
21
vulnerability VCID-gcfd-w8je-kqfm
22
vulnerability VCID-gdur-h588-vbb6
23
vulnerability VCID-gmdj-a1ys-tqc2
24
vulnerability VCID-gtdh-mytb-t3fh
25
vulnerability VCID-h6na-nxxq-5yg9
26
vulnerability VCID-hdbf-118z-2yec
27
vulnerability VCID-hk8r-kk4v-1fa7
28
vulnerability VCID-jc3b-m4ud-n7fw
29
vulnerability VCID-jvnf-vh29-ufdh
30
vulnerability VCID-jxf4-y1au-5bhw
31
vulnerability VCID-khur-3ax7-9fhb
32
vulnerability VCID-n64w-nq6a-m7bv
33
vulnerability VCID-n6uz-fe7m-uqhk
34
vulnerability VCID-njbj-f91t-b7f4
35
vulnerability VCID-nqhj-d7uw-43hd
36
vulnerability VCID-srmp-3tvp-9uhv
37
vulnerability VCID-u55w-unmd-97cm
38
vulnerability VCID-udcq-enxt-wyf1
39
vulnerability VCID-ugd8-9xzt-xbdz
40
vulnerability VCID-uvht-9bt9-hfbb
41
vulnerability VCID-v3m6-zajw-bfhb
42
vulnerability VCID-vugd-2jfz-23b5
43
vulnerability VCID-x3uy-7crx-2kae
44
vulnerability VCID-xuyn-pjpb-g7du
45
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
3
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2023-6936
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-24s5-d6jt-4kfe
1
url VCID-7xbp-qkvv-bqgm
vulnerability_id VCID-7xbp-qkvv-bqgm
summary The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1543
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12365
published_at 2026-04-21T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12262
published_at 2026-04-16T12:55:00Z
2
value 0.00041
scoring_system epss
scoring_elements 0.12261
published_at 2026-04-18T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12455
published_at 2026-04-02T12:55:00Z
4
value 0.00041
scoring_system epss
scoring_elements 0.12499
published_at 2026-04-04T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12304
published_at 2026-04-07T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12383
published_at 2026-04-08T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12434
published_at 2026-04-09T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.1244
published_at 2026-04-11T12:55:00Z
9
value 0.00041
scoring_system epss
scoring_elements 0.12401
published_at 2026-04-12T12:55:00Z
10
value 0.00041
scoring_system epss
scoring_elements 0.1236
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1543
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1543
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1543
2
reference_url https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023
reference_id ChangeLog.md#wolfssl-release-566-dec-19-2023
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:19:28Z/
url https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023
fixed_packages
0
url pkg:deb/debian/wolfssl@5.6.6-1.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.6.6-1.2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.6.6-1.2%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-2ry7-trrg-gfdk
3
vulnerability VCID-3gve-u4f4-bkht
4
vulnerability VCID-4zda-zrq6-hbc8
5
vulnerability VCID-4zyq-af27-yqa4
6
vulnerability VCID-6v8z-cfax-zqbh
7
vulnerability VCID-75y2-h9uk-n3a6
8
vulnerability VCID-8735-ectc-j7a3
9
vulnerability VCID-9jb1-k32z-w7gw
10
vulnerability VCID-9jpj-dfsf-qkce
11
vulnerability VCID-9jw2-3v9v-ruap
12
vulnerability VCID-9kev-ferz-5bhr
13
vulnerability VCID-9x14-2t7m-1kbm
14
vulnerability VCID-bfap-h1d9-33dj
15
vulnerability VCID-cv4y-g4un-ckd4
16
vulnerability VCID-cxhw-3w24-dkes
17
vulnerability VCID-f57c-kamk-3bct
18
vulnerability VCID-f5kd-yqz2-nkcb
19
vulnerability VCID-fmtp-x6y7-83g1
20
vulnerability VCID-g5u9-khw6-4kgn
21
vulnerability VCID-gcfd-w8je-kqfm
22
vulnerability VCID-gdur-h588-vbb6
23
vulnerability VCID-gmdj-a1ys-tqc2
24
vulnerability VCID-gtdh-mytb-t3fh
25
vulnerability VCID-h6na-nxxq-5yg9
26
vulnerability VCID-hdbf-118z-2yec
27
vulnerability VCID-hk8r-kk4v-1fa7
28
vulnerability VCID-jc3b-m4ud-n7fw
29
vulnerability VCID-jvnf-vh29-ufdh
30
vulnerability VCID-jxf4-y1au-5bhw
31
vulnerability VCID-khur-3ax7-9fhb
32
vulnerability VCID-n64w-nq6a-m7bv
33
vulnerability VCID-n6uz-fe7m-uqhk
34
vulnerability VCID-njbj-f91t-b7f4
35
vulnerability VCID-nqhj-d7uw-43hd
36
vulnerability VCID-srmp-3tvp-9uhv
37
vulnerability VCID-u55w-unmd-97cm
38
vulnerability VCID-udcq-enxt-wyf1
39
vulnerability VCID-ugd8-9xzt-xbdz
40
vulnerability VCID-uvht-9bt9-hfbb
41
vulnerability VCID-v3m6-zajw-bfhb
42
vulnerability VCID-vugd-2jfz-23b5
43
vulnerability VCID-x3uy-7crx-2kae
44
vulnerability VCID-xuyn-pjpb-g7du
45
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
3
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2024-1543
risk_score 1.9
exploitability 0.5
weighted_severity 3.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7xbp-qkvv-bqgm
2
url VCID-u24a-2khf-uyba
vulnerability_id VCID-u24a-2khf-uyba
summary wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6937
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63272
published_at 2026-04-21T12:55:00Z
1
value 0.00442
scoring_system epss
scoring_elements 0.63284
published_at 2026-04-12T12:55:00Z
2
value 0.00442
scoring_system epss
scoring_elements 0.63285
published_at 2026-04-16T12:55:00Z
3
value 0.00442
scoring_system epss
scoring_elements 0.63293
published_at 2026-04-18T12:55:00Z
4
value 0.00442
scoring_system epss
scoring_elements 0.63219
published_at 2026-04-02T12:55:00Z
5
value 0.00442
scoring_system epss
scoring_elements 0.63248
published_at 2026-04-13T12:55:00Z
6
value 0.00442
scoring_system epss
scoring_elements 0.63214
published_at 2026-04-07T12:55:00Z
7
value 0.00442
scoring_system epss
scoring_elements 0.63265
published_at 2026-04-08T12:55:00Z
8
value 0.00442
scoring_system epss
scoring_elements 0.63283
published_at 2026-04-09T12:55:00Z
9
value 0.00442
scoring_system epss
scoring_elements 0.633
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6937
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6937
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6937
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
reference_id 1059357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
3
reference_url https://github.com/wolfSSL/wolfssl/pull/7029
reference_id 7029
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:13:21Z/
url https://github.com/wolfSSL/wolfssl/pull/7029
fixed_packages
0
url pkg:deb/debian/wolfssl@5.6.6-1.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.6.6-1.2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.6.6-1.2%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-2ry7-trrg-gfdk
3
vulnerability VCID-3gve-u4f4-bkht
4
vulnerability VCID-4zda-zrq6-hbc8
5
vulnerability VCID-4zyq-af27-yqa4
6
vulnerability VCID-6v8z-cfax-zqbh
7
vulnerability VCID-75y2-h9uk-n3a6
8
vulnerability VCID-8735-ectc-j7a3
9
vulnerability VCID-9jb1-k32z-w7gw
10
vulnerability VCID-9jpj-dfsf-qkce
11
vulnerability VCID-9jw2-3v9v-ruap
12
vulnerability VCID-9kev-ferz-5bhr
13
vulnerability VCID-9x14-2t7m-1kbm
14
vulnerability VCID-bfap-h1d9-33dj
15
vulnerability VCID-cv4y-g4un-ckd4
16
vulnerability VCID-cxhw-3w24-dkes
17
vulnerability VCID-f57c-kamk-3bct
18
vulnerability VCID-f5kd-yqz2-nkcb
19
vulnerability VCID-fmtp-x6y7-83g1
20
vulnerability VCID-g5u9-khw6-4kgn
21
vulnerability VCID-gcfd-w8je-kqfm
22
vulnerability VCID-gdur-h588-vbb6
23
vulnerability VCID-gmdj-a1ys-tqc2
24
vulnerability VCID-gtdh-mytb-t3fh
25
vulnerability VCID-h6na-nxxq-5yg9
26
vulnerability VCID-hdbf-118z-2yec
27
vulnerability VCID-hk8r-kk4v-1fa7
28
vulnerability VCID-jc3b-m4ud-n7fw
29
vulnerability VCID-jvnf-vh29-ufdh
30
vulnerability VCID-jxf4-y1au-5bhw
31
vulnerability VCID-khur-3ax7-9fhb
32
vulnerability VCID-n64w-nq6a-m7bv
33
vulnerability VCID-n6uz-fe7m-uqhk
34
vulnerability VCID-njbj-f91t-b7f4
35
vulnerability VCID-nqhj-d7uw-43hd
36
vulnerability VCID-srmp-3tvp-9uhv
37
vulnerability VCID-u55w-unmd-97cm
38
vulnerability VCID-udcq-enxt-wyf1
39
vulnerability VCID-ugd8-9xzt-xbdz
40
vulnerability VCID-uvht-9bt9-hfbb
41
vulnerability VCID-v3m6-zajw-bfhb
42
vulnerability VCID-vugd-2jfz-23b5
43
vulnerability VCID-x3uy-7crx-2kae
44
vulnerability VCID-xuyn-pjpb-g7du
45
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
3
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2023-6937
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u24a-2khf-uyba
3
url VCID-zhf4-y8v8-gubn
vulnerability_id VCID-zhf4-y8v8-gubn
summary wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6935
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.54622
published_at 2026-04-21T12:55:00Z
1
value 0.00315
scoring_system epss
scoring_elements 0.54592
published_at 2026-04-02T12:55:00Z
2
value 0.00315
scoring_system epss
scoring_elements 0.54643
published_at 2026-04-18T12:55:00Z
3
value 0.00315
scoring_system epss
scoring_elements 0.54626
published_at 2026-04-12T12:55:00Z
4
value 0.00315
scoring_system epss
scoring_elements 0.54604
published_at 2026-04-13T12:55:00Z
5
value 0.00315
scoring_system epss
scoring_elements 0.54642
published_at 2026-04-16T12:55:00Z
6
value 0.00315
scoring_system epss
scoring_elements 0.54615
published_at 2026-04-04T12:55:00Z
7
value 0.00315
scoring_system epss
scoring_elements 0.54584
published_at 2026-04-07T12:55:00Z
8
value 0.00315
scoring_system epss
scoring_elements 0.54635
published_at 2026-04-08T12:55:00Z
9
value 0.00315
scoring_system epss
scoring_elements 0.5463
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6935
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6935
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6935
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
reference_id 1059357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
3
reference_url https://people.redhat.com/~hkario/marvin/
reference_id marvin
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T12:48:11Z/
url https://people.redhat.com/~hkario/marvin/
fixed_packages
0
url pkg:deb/debian/wolfssl@5.6.6-1.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.6.6-1.2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.6.6-1.2%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-2ry7-trrg-gfdk
3
vulnerability VCID-3gve-u4f4-bkht
4
vulnerability VCID-4zda-zrq6-hbc8
5
vulnerability VCID-4zyq-af27-yqa4
6
vulnerability VCID-6v8z-cfax-zqbh
7
vulnerability VCID-75y2-h9uk-n3a6
8
vulnerability VCID-8735-ectc-j7a3
9
vulnerability VCID-9jb1-k32z-w7gw
10
vulnerability VCID-9jpj-dfsf-qkce
11
vulnerability VCID-9jw2-3v9v-ruap
12
vulnerability VCID-9kev-ferz-5bhr
13
vulnerability VCID-9x14-2t7m-1kbm
14
vulnerability VCID-bfap-h1d9-33dj
15
vulnerability VCID-cv4y-g4un-ckd4
16
vulnerability VCID-cxhw-3w24-dkes
17
vulnerability VCID-f57c-kamk-3bct
18
vulnerability VCID-f5kd-yqz2-nkcb
19
vulnerability VCID-fmtp-x6y7-83g1
20
vulnerability VCID-g5u9-khw6-4kgn
21
vulnerability VCID-gcfd-w8je-kqfm
22
vulnerability VCID-gdur-h588-vbb6
23
vulnerability VCID-gmdj-a1ys-tqc2
24
vulnerability VCID-gtdh-mytb-t3fh
25
vulnerability VCID-h6na-nxxq-5yg9
26
vulnerability VCID-hdbf-118z-2yec
27
vulnerability VCID-hk8r-kk4v-1fa7
28
vulnerability VCID-jc3b-m4ud-n7fw
29
vulnerability VCID-jvnf-vh29-ufdh
30
vulnerability VCID-jxf4-y1au-5bhw
31
vulnerability VCID-khur-3ax7-9fhb
32
vulnerability VCID-n64w-nq6a-m7bv
33
vulnerability VCID-n6uz-fe7m-uqhk
34
vulnerability VCID-njbj-f91t-b7f4
35
vulnerability VCID-nqhj-d7uw-43hd
36
vulnerability VCID-srmp-3tvp-9uhv
37
vulnerability VCID-u55w-unmd-97cm
38
vulnerability VCID-udcq-enxt-wyf1
39
vulnerability VCID-ugd8-9xzt-xbdz
40
vulnerability VCID-uvht-9bt9-hfbb
41
vulnerability VCID-v3m6-zajw-bfhb
42
vulnerability VCID-vugd-2jfz-23b5
43
vulnerability VCID-x3uy-7crx-2kae
44
vulnerability VCID-xuyn-pjpb-g7du
45
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
3
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2023-6935
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zhf4-y8v8-gubn
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.6.6-1.2%3Fdistro=trixie