Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/942912?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/942912?format=api", "purl": "pkg:deb/debian/wolfssl@5.7.2-0.1?distro=trixie", "type": "deb", "namespace": "debian", "name": "wolfssl", "version": "5.7.2-0.1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.7.2-0.4", "latest_non_vulnerable_version": "5.9.1-0.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96335?format=api", "vulnerability_id": "VCID-1u3q-52yd-1bhe", "summary": "In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29105", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29284", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29172", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29577", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29626", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29448", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.2951", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.2955", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29552", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29507", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29455", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29474", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29446", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.294", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5991" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081788", "reference_id": "1081788", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081788" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/942912?format=api", "purl": "pkg:deb/debian/wolfssl@5.7.2-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942887?format=api", "purl": "pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15fz-hhc7-kyaa" }, { "vulnerability": "VCID-24mg-wn6a-6bew" }, { "vulnerability": "VCID-2ry7-trrg-gfdk" }, { "vulnerability": "VCID-3gve-u4f4-bkht" }, { "vulnerability": "VCID-4zda-zrq6-hbc8" }, { "vulnerability": "VCID-4zyq-af27-yqa4" }, { "vulnerability": "VCID-6v8z-cfax-zqbh" }, { "vulnerability": "VCID-75y2-h9uk-n3a6" }, { "vulnerability": "VCID-8735-ectc-j7a3" }, { "vulnerability": "VCID-9jb1-k32z-w7gw" }, { "vulnerability": "VCID-9jpj-dfsf-qkce" }, { "vulnerability": "VCID-9jw2-3v9v-ruap" }, { "vulnerability": "VCID-9kev-ferz-5bhr" }, { "vulnerability": "VCID-9x14-2t7m-1kbm" }, { "vulnerability": "VCID-bfap-h1d9-33dj" }, { "vulnerability": "VCID-cv4y-g4un-ckd4" }, { "vulnerability": "VCID-cxhw-3w24-dkes" }, { "vulnerability": "VCID-f57c-kamk-3bct" }, { "vulnerability": "VCID-f5kd-yqz2-nkcb" }, { "vulnerability": "VCID-fmtp-x6y7-83g1" }, { "vulnerability": "VCID-g5u9-khw6-4kgn" }, { "vulnerability": "VCID-gcfd-w8je-kqfm" }, { "vulnerability": "VCID-gdur-h588-vbb6" }, { "vulnerability": "VCID-gmdj-a1ys-tqc2" }, { "vulnerability": "VCID-gtdh-mytb-t3fh" }, { "vulnerability": "VCID-h6na-nxxq-5yg9" }, { "vulnerability": "VCID-hdbf-118z-2yec" }, { "vulnerability": "VCID-hk8r-kk4v-1fa7" }, { "vulnerability": "VCID-jc3b-m4ud-n7fw" }, { "vulnerability": "VCID-jvnf-vh29-ufdh" }, { "vulnerability": "VCID-jxf4-y1au-5bhw" }, { "vulnerability": "VCID-khur-3ax7-9fhb" }, { "vulnerability": "VCID-n64w-nq6a-m7bv" }, { "vulnerability": "VCID-n6uz-fe7m-uqhk" }, { "vulnerability": "VCID-njbj-f91t-b7f4" }, { "vulnerability": "VCID-nqhj-d7uw-43hd" }, { "vulnerability": "VCID-srmp-3tvp-9uhv" }, { "vulnerability": "VCID-u55w-unmd-97cm" }, { "vulnerability": "VCID-udcq-enxt-wyf1" }, { "vulnerability": "VCID-ugd8-9xzt-xbdz" }, { "vulnerability": "VCID-uvht-9bt9-hfbb" }, { "vulnerability": "VCID-v3m6-zajw-bfhb" }, { "vulnerability": "VCID-vugd-2jfz-23b5" }, { "vulnerability": "VCID-x3uy-7crx-2kae" }, { "vulnerability": "VCID-xuyn-pjpb-g7du" }, { "vulnerability": "VCID-xxkx-w5pc-5uap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942886?format=api", "purl": "pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15fz-hhc7-kyaa" }, { "vulnerability": "VCID-24mg-wn6a-6bew" }, { "vulnerability": "VCID-3gve-u4f4-bkht" }, { "vulnerability": "VCID-4zyq-af27-yqa4" }, { "vulnerability": "VCID-75y2-h9uk-n3a6" }, { "vulnerability": "VCID-9jb1-k32z-w7gw" }, { "vulnerability": "VCID-bfap-h1d9-33dj" }, { "vulnerability": "VCID-cv4y-g4un-ckd4" }, { "vulnerability": "VCID-f5kd-yqz2-nkcb" }, { "vulnerability": "VCID-g5u9-khw6-4kgn" }, { "vulnerability": "VCID-gtdh-mytb-t3fh" }, { "vulnerability": "VCID-hdbf-118z-2yec" }, { "vulnerability": "VCID-jc3b-m4ud-n7fw" }, { "vulnerability": "VCID-jvnf-vh29-ufdh" }, { "vulnerability": "VCID-n6uz-fe7m-uqhk" }, { "vulnerability": "VCID-nqhj-d7uw-43hd" }, { "vulnerability": "VCID-srmp-3tvp-9uhv" }, { "vulnerability": "VCID-u55w-unmd-97cm" }, { "vulnerability": "VCID-udcq-enxt-wyf1" }, { "vulnerability": "VCID-ugd8-9xzt-xbdz" }, { "vulnerability": "VCID-vugd-2jfz-23b5" }, { "vulnerability": "VCID-x3uy-7crx-2kae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076143?format=api", "purl": "pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-5991" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1u3q-52yd-1bhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96332?format=api", "vulnerability_id": "VCID-9hdy-aqa2-w3bd", "summary": "A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44273", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44351", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44355", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44455", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44476", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44412", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44463", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4447", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44486", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44454", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4451", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44502", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44432", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5814" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081791", "reference_id": "1081791", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081791" }, { "reference_url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later", "reference_id": "ChangeLog.md#add_later", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/V:D/RE:M/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:18:34Z/" } ], "url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/942912?format=api", "purl": "pkg:deb/debian/wolfssl@5.7.2-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942887?format=api", "purl": "pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15fz-hhc7-kyaa" }, { "vulnerability": "VCID-24mg-wn6a-6bew" }, { "vulnerability": "VCID-2ry7-trrg-gfdk" }, { "vulnerability": "VCID-3gve-u4f4-bkht" }, { "vulnerability": "VCID-4zda-zrq6-hbc8" }, { "vulnerability": "VCID-4zyq-af27-yqa4" }, { "vulnerability": "VCID-6v8z-cfax-zqbh" }, { "vulnerability": "VCID-75y2-h9uk-n3a6" }, { "vulnerability": "VCID-8735-ectc-j7a3" }, { "vulnerability": "VCID-9jb1-k32z-w7gw" }, { "vulnerability": "VCID-9jpj-dfsf-qkce" }, { "vulnerability": "VCID-9jw2-3v9v-ruap" }, { "vulnerability": "VCID-9kev-ferz-5bhr" }, { "vulnerability": "VCID-9x14-2t7m-1kbm" }, { "vulnerability": "VCID-bfap-h1d9-33dj" }, { "vulnerability": "VCID-cv4y-g4un-ckd4" }, { "vulnerability": "VCID-cxhw-3w24-dkes" }, { "vulnerability": "VCID-f57c-kamk-3bct" }, { "vulnerability": "VCID-f5kd-yqz2-nkcb" }, { "vulnerability": "VCID-fmtp-x6y7-83g1" }, { "vulnerability": "VCID-g5u9-khw6-4kgn" }, { "vulnerability": "VCID-gcfd-w8je-kqfm" }, { "vulnerability": "VCID-gdur-h588-vbb6" }, { "vulnerability": "VCID-gmdj-a1ys-tqc2" }, { "vulnerability": "VCID-gtdh-mytb-t3fh" }, { "vulnerability": "VCID-h6na-nxxq-5yg9" }, { "vulnerability": "VCID-hdbf-118z-2yec" }, { "vulnerability": "VCID-hk8r-kk4v-1fa7" }, { "vulnerability": "VCID-jc3b-m4ud-n7fw" }, { "vulnerability": "VCID-jvnf-vh29-ufdh" }, { "vulnerability": "VCID-jxf4-y1au-5bhw" }, { "vulnerability": "VCID-khur-3ax7-9fhb" }, { "vulnerability": "VCID-n64w-nq6a-m7bv" }, { "vulnerability": "VCID-n6uz-fe7m-uqhk" }, { "vulnerability": "VCID-njbj-f91t-b7f4" }, { "vulnerability": "VCID-nqhj-d7uw-43hd" }, { "vulnerability": "VCID-srmp-3tvp-9uhv" }, { "vulnerability": "VCID-u55w-unmd-97cm" }, { "vulnerability": "VCID-udcq-enxt-wyf1" }, { "vulnerability": "VCID-ugd8-9xzt-xbdz" }, { "vulnerability": "VCID-uvht-9bt9-hfbb" }, { "vulnerability": "VCID-v3m6-zajw-bfhb" }, { "vulnerability": "VCID-vugd-2jfz-23b5" }, { "vulnerability": "VCID-x3uy-7crx-2kae" }, { "vulnerability": "VCID-xuyn-pjpb-g7du" }, { "vulnerability": "VCID-xxkx-w5pc-5uap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942886?format=api", "purl": "pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15fz-hhc7-kyaa" }, { "vulnerability": "VCID-24mg-wn6a-6bew" }, { "vulnerability": "VCID-3gve-u4f4-bkht" }, { "vulnerability": "VCID-4zyq-af27-yqa4" }, { "vulnerability": "VCID-75y2-h9uk-n3a6" }, { "vulnerability": "VCID-9jb1-k32z-w7gw" }, { "vulnerability": "VCID-bfap-h1d9-33dj" }, { "vulnerability": "VCID-cv4y-g4un-ckd4" }, { "vulnerability": "VCID-f5kd-yqz2-nkcb" }, { "vulnerability": "VCID-g5u9-khw6-4kgn" }, { "vulnerability": "VCID-gtdh-mytb-t3fh" }, { "vulnerability": "VCID-hdbf-118z-2yec" }, { "vulnerability": "VCID-jc3b-m4ud-n7fw" }, { "vulnerability": "VCID-jvnf-vh29-ufdh" }, { "vulnerability": "VCID-n6uz-fe7m-uqhk" }, { "vulnerability": "VCID-nqhj-d7uw-43hd" }, { "vulnerability": "VCID-srmp-3tvp-9uhv" }, { "vulnerability": "VCID-u55w-unmd-97cm" }, { "vulnerability": "VCID-udcq-enxt-wyf1" }, { "vulnerability": "VCID-ugd8-9xzt-xbdz" }, { "vulnerability": "VCID-vugd-2jfz-23b5" }, { "vulnerability": "VCID-x3uy-7crx-2kae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076143?format=api", "purl": "pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-5814" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hdy-aqa2-w3bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95931?format=api", "vulnerability_id": "VCID-dpu2-4w42-kygw", "summary": "Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22763", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22819", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22857", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22916", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22708", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22783", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35609", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36008", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35958", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35729", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35697", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36023", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081789", "reference_id": "1081789", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081789" }, { "reference_url": "https://github.com/wolfSSL/wolfssl/pull/7020", "reference_id": "7020", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:14:00Z/" } ], "url": "https://github.com/wolfSSL/wolfssl/pull/7020" }, { "reference_url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable", "reference_id": "v5.7.2-stable", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:14:00Z/" } ], "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/942912?format=api", "purl": "pkg:deb/debian/wolfssl@5.7.2-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942887?format=api", "purl": "pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15fz-hhc7-kyaa" }, { "vulnerability": "VCID-24mg-wn6a-6bew" }, { "vulnerability": "VCID-2ry7-trrg-gfdk" }, { "vulnerability": "VCID-3gve-u4f4-bkht" }, { "vulnerability": "VCID-4zda-zrq6-hbc8" }, { "vulnerability": "VCID-4zyq-af27-yqa4" }, { "vulnerability": "VCID-6v8z-cfax-zqbh" }, { "vulnerability": "VCID-75y2-h9uk-n3a6" }, { "vulnerability": "VCID-8735-ectc-j7a3" }, { "vulnerability": "VCID-9jb1-k32z-w7gw" }, { "vulnerability": "VCID-9jpj-dfsf-qkce" }, { "vulnerability": "VCID-9jw2-3v9v-ruap" }, { "vulnerability": "VCID-9kev-ferz-5bhr" }, { "vulnerability": "VCID-9x14-2t7m-1kbm" }, { "vulnerability": "VCID-bfap-h1d9-33dj" }, { "vulnerability": "VCID-cv4y-g4un-ckd4" }, { "vulnerability": "VCID-cxhw-3w24-dkes" }, { "vulnerability": "VCID-f57c-kamk-3bct" }, { "vulnerability": "VCID-f5kd-yqz2-nkcb" }, { "vulnerability": "VCID-fmtp-x6y7-83g1" }, { "vulnerability": "VCID-g5u9-khw6-4kgn" }, { "vulnerability": "VCID-gcfd-w8je-kqfm" }, { "vulnerability": "VCID-gdur-h588-vbb6" }, { "vulnerability": "VCID-gmdj-a1ys-tqc2" }, { "vulnerability": "VCID-gtdh-mytb-t3fh" }, { "vulnerability": "VCID-h6na-nxxq-5yg9" }, { "vulnerability": "VCID-hdbf-118z-2yec" }, { "vulnerability": "VCID-hk8r-kk4v-1fa7" }, { "vulnerability": "VCID-jc3b-m4ud-n7fw" }, { "vulnerability": "VCID-jvnf-vh29-ufdh" }, { "vulnerability": "VCID-jxf4-y1au-5bhw" }, { "vulnerability": "VCID-khur-3ax7-9fhb" }, { "vulnerability": "VCID-n64w-nq6a-m7bv" }, { "vulnerability": "VCID-n6uz-fe7m-uqhk" }, { "vulnerability": "VCID-njbj-f91t-b7f4" }, { "vulnerability": "VCID-nqhj-d7uw-43hd" }, { "vulnerability": "VCID-srmp-3tvp-9uhv" }, { "vulnerability": "VCID-u55w-unmd-97cm" }, { "vulnerability": "VCID-udcq-enxt-wyf1" }, { "vulnerability": "VCID-ugd8-9xzt-xbdz" }, { "vulnerability": "VCID-uvht-9bt9-hfbb" }, { "vulnerability": "VCID-v3m6-zajw-bfhb" }, { "vulnerability": "VCID-vugd-2jfz-23b5" }, { "vulnerability": "VCID-x3uy-7crx-2kae" }, { "vulnerability": "VCID-xuyn-pjpb-g7du" }, { "vulnerability": "VCID-xxkx-w5pc-5uap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942886?format=api", "purl": "pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15fz-hhc7-kyaa" }, { "vulnerability": "VCID-24mg-wn6a-6bew" }, { "vulnerability": "VCID-3gve-u4f4-bkht" }, { "vulnerability": "VCID-4zyq-af27-yqa4" }, { "vulnerability": "VCID-75y2-h9uk-n3a6" }, { "vulnerability": "VCID-9jb1-k32z-w7gw" }, { "vulnerability": "VCID-bfap-h1d9-33dj" }, { "vulnerability": "VCID-cv4y-g4un-ckd4" }, { "vulnerability": "VCID-f5kd-yqz2-nkcb" }, { "vulnerability": "VCID-g5u9-khw6-4kgn" }, { "vulnerability": "VCID-gtdh-mytb-t3fh" }, { "vulnerability": "VCID-hdbf-118z-2yec" }, { "vulnerability": "VCID-jc3b-m4ud-n7fw" }, { "vulnerability": "VCID-jvnf-vh29-ufdh" }, { "vulnerability": "VCID-n6uz-fe7m-uqhk" }, { "vulnerability": "VCID-nqhj-d7uw-43hd" }, { "vulnerability": "VCID-srmp-3tvp-9uhv" }, { "vulnerability": "VCID-u55w-unmd-97cm" }, { "vulnerability": "VCID-udcq-enxt-wyf1" }, { "vulnerability": "VCID-ugd8-9xzt-xbdz" }, { "vulnerability": "VCID-vugd-2jfz-23b5" }, { "vulnerability": "VCID-x3uy-7crx-2kae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076143?format=api", "purl": "pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-1544" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dpu2-4w42-kygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96263?format=api", "vulnerability_id": "VCID-xfgd-4hs3-vygk", "summary": "An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.24991", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25049", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25036", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25289", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2533", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25107", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25221", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25235", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25193", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2514", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2515", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25108", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5288" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5288", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5288" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081790", "reference_id": "1081790", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081790" }, { "reference_url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable", "reference_id": "v5.7.2-stable", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:22:54Z/" } ], "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/942912?format=api", "purl": "pkg:deb/debian/wolfssl@5.7.2-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942887?format=api", "purl": "pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15fz-hhc7-kyaa" }, { "vulnerability": "VCID-24mg-wn6a-6bew" }, { "vulnerability": "VCID-2ry7-trrg-gfdk" }, { "vulnerability": "VCID-3gve-u4f4-bkht" }, { "vulnerability": "VCID-4zda-zrq6-hbc8" }, { "vulnerability": "VCID-4zyq-af27-yqa4" }, { "vulnerability": "VCID-6v8z-cfax-zqbh" }, { "vulnerability": "VCID-75y2-h9uk-n3a6" }, { "vulnerability": "VCID-8735-ectc-j7a3" }, { "vulnerability": "VCID-9jb1-k32z-w7gw" }, { "vulnerability": "VCID-9jpj-dfsf-qkce" }, { "vulnerability": "VCID-9jw2-3v9v-ruap" }, { "vulnerability": "VCID-9kev-ferz-5bhr" }, { "vulnerability": "VCID-9x14-2t7m-1kbm" }, { "vulnerability": "VCID-bfap-h1d9-33dj" }, { "vulnerability": "VCID-cv4y-g4un-ckd4" }, { "vulnerability": "VCID-cxhw-3w24-dkes" }, { "vulnerability": "VCID-f57c-kamk-3bct" }, { "vulnerability": "VCID-f5kd-yqz2-nkcb" }, { "vulnerability": "VCID-fmtp-x6y7-83g1" }, { "vulnerability": "VCID-g5u9-khw6-4kgn" }, { "vulnerability": "VCID-gcfd-w8je-kqfm" }, { "vulnerability": "VCID-gdur-h588-vbb6" }, { "vulnerability": "VCID-gmdj-a1ys-tqc2" }, { "vulnerability": "VCID-gtdh-mytb-t3fh" }, { "vulnerability": "VCID-h6na-nxxq-5yg9" }, { "vulnerability": "VCID-hdbf-118z-2yec" }, { "vulnerability": "VCID-hk8r-kk4v-1fa7" }, { "vulnerability": "VCID-jc3b-m4ud-n7fw" }, { "vulnerability": "VCID-jvnf-vh29-ufdh" }, { "vulnerability": "VCID-jxf4-y1au-5bhw" }, { "vulnerability": "VCID-khur-3ax7-9fhb" }, { "vulnerability": "VCID-n64w-nq6a-m7bv" }, { "vulnerability": "VCID-n6uz-fe7m-uqhk" }, { "vulnerability": "VCID-njbj-f91t-b7f4" }, { "vulnerability": "VCID-nqhj-d7uw-43hd" }, { "vulnerability": "VCID-srmp-3tvp-9uhv" }, { "vulnerability": "VCID-u55w-unmd-97cm" }, { "vulnerability": "VCID-udcq-enxt-wyf1" }, { "vulnerability": "VCID-ugd8-9xzt-xbdz" }, { "vulnerability": "VCID-uvht-9bt9-hfbb" }, { "vulnerability": "VCID-v3m6-zajw-bfhb" }, { "vulnerability": "VCID-vugd-2jfz-23b5" }, { "vulnerability": "VCID-x3uy-7crx-2kae" }, { "vulnerability": "VCID-xuyn-pjpb-g7du" }, { "vulnerability": "VCID-xxkx-w5pc-5uap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/942886?format=api", "purl": "pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15fz-hhc7-kyaa" }, { "vulnerability": "VCID-24mg-wn6a-6bew" }, { "vulnerability": "VCID-3gve-u4f4-bkht" }, { "vulnerability": "VCID-4zyq-af27-yqa4" }, { "vulnerability": "VCID-75y2-h9uk-n3a6" }, { "vulnerability": "VCID-9jb1-k32z-w7gw" }, { "vulnerability": "VCID-bfap-h1d9-33dj" }, { "vulnerability": "VCID-cv4y-g4un-ckd4" }, { "vulnerability": "VCID-f5kd-yqz2-nkcb" }, { "vulnerability": "VCID-g5u9-khw6-4kgn" }, { "vulnerability": "VCID-gtdh-mytb-t3fh" }, { "vulnerability": "VCID-hdbf-118z-2yec" }, { "vulnerability": "VCID-jc3b-m4ud-n7fw" }, { "vulnerability": "VCID-jvnf-vh29-ufdh" }, { "vulnerability": "VCID-n6uz-fe7m-uqhk" }, { "vulnerability": "VCID-nqhj-d7uw-43hd" }, { "vulnerability": "VCID-srmp-3tvp-9uhv" }, { "vulnerability": "VCID-u55w-unmd-97cm" }, { "vulnerability": "VCID-udcq-enxt-wyf1" }, { "vulnerability": "VCID-ugd8-9xzt-xbdz" }, { "vulnerability": "VCID-vugd-2jfz-23b5" }, { "vulnerability": "VCID-x3uy-7crx-2kae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076143?format=api", "purl": "pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-5288" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xfgd-4hs3-vygk" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%3Fdistro=trixie" }