Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
Type deb
Namespace debian
Name wolfssl
Version 5.9.0-0.1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 5.9.1-0.1
Latest_non_vulnerable_version 5.9.1-0.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2ry7-trrg-gfdk
vulnerability_id VCID-2ry7-trrg-gfdk
summary Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3547
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14329
published_at 2026-04-02T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14188
published_at 2026-04-13T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.14078
published_at 2026-04-16T12:55:00Z
3
value 0.00046
scoring_system epss
scoring_elements 0.14077
published_at 2026-04-18T12:55:00Z
4
value 0.00046
scoring_system epss
scoring_elements 0.14393
published_at 2026-04-04T12:55:00Z
5
value 0.00046
scoring_system epss
scoring_elements 0.142
published_at 2026-04-07T12:55:00Z
6
value 0.00046
scoring_system epss
scoring_elements 0.14282
published_at 2026-04-11T12:55:00Z
7
value 0.00046
scoring_system epss
scoring_elements 0.14336
published_at 2026-04-09T12:55:00Z
8
value 0.00046
scoring_system epss
scoring_elements 0.14244
published_at 2026-04-12T12:55:00Z
9
value 0.0005
scoring_system epss
scoring_elements 0.1557
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3547
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3547
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9859
reference_id 9859
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:33:12Z/
url https://github.com/wolfSSL/wolfssl/pull/9859
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-3547
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ry7-trrg-gfdk
1
url VCID-4zda-zrq6-hbc8
vulnerability_id VCID-4zda-zrq6-hbc8
summary wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3579
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01496
published_at 2026-04-21T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08687
published_at 2026-04-09T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08539
published_at 2026-04-16T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08527
published_at 2026-04-18T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08669
published_at 2026-04-04T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08589
published_at 2026-04-07T12:55:00Z
6
value 0.0003
scoring_system epss
scoring_elements 0.08663
published_at 2026-04-12T12:55:00Z
7
value 0.0003
scoring_system epss
scoring_elements 0.08618
published_at 2026-04-02T12:55:00Z
8
value 0.0003
scoring_system epss
scoring_elements 0.08686
published_at 2026-04-11T12:55:00Z
9
value 0.0003
scoring_system epss
scoring_elements 0.0865
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3579
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3579
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3579
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9855
reference_id 9855
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T01:36:44Z/
url https://github.com/wolfSSL/wolfssl/pull/9855
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-3579
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zda-zrq6-hbc8
2
url VCID-6v8z-cfax-zqbh
vulnerability_id VCID-6v8z-cfax-zqbh
summary In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2645
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08087
published_at 2026-04-02T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08122
published_at 2026-04-13T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08028
published_at 2026-04-16T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08014
published_at 2026-04-18T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.0813
published_at 2026-04-04T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.08081
published_at 2026-04-07T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08143
published_at 2026-04-08T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08165
published_at 2026-04-09T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.08157
published_at 2026-04-11T12:55:00Z
9
value 0.00029
scoring_system epss
scoring_elements 0.08138
published_at 2026-04-12T12:55:00Z
10
value 0.00033
scoring_system epss
scoring_elements 0.09541
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2645
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2645
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2645
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9694
reference_id 9694
reference_type
scores
0
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:45:34Z/
url https://github.com/wolfSSL/wolfssl/pull/9694
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-2645
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6v8z-cfax-zqbh
3
url VCID-9jpj-dfsf-qkce
vulnerability_id VCID-9jpj-dfsf-qkce
summary Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1005
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.1991
published_at 2026-04-18T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.19906
published_at 2026-04-16T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.19928
published_at 2026-04-13T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.23922
published_at 2026-04-08T12:55:00Z
4
value 0.00081
scoring_system epss
scoring_elements 0.23968
published_at 2026-04-09T12:55:00Z
5
value 0.00081
scoring_system epss
scoring_elements 0.23985
published_at 2026-04-11T12:55:00Z
6
value 0.00081
scoring_system epss
scoring_elements 0.23941
published_at 2026-04-12T12:55:00Z
7
value 0.00081
scoring_system epss
scoring_elements 0.24035
published_at 2026-04-02T12:55:00Z
8
value 0.00081
scoring_system epss
scoring_elements 0.24073
published_at 2026-04-04T12:55:00Z
9
value 0.00081
scoring_system epss
scoring_elements 0.23856
published_at 2026-04-07T12:55:00Z
10
value 0.00098
scoring_system epss
scoring_elements 0.26886
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1005
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1005
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9571
reference_id 9571
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:19:54Z/
url https://github.com/wolfSSL/wolfssl/pull/9571
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-1005
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jpj-dfsf-qkce
4
url VCID-9jw2-3v9v-ruap
vulnerability_id VCID-9jw2-3v9v-ruap
summary Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion. This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3503
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06492
published_at 2026-04-02T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.0659
published_at 2026-04-13T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.06516
published_at 2026-04-16T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.06523
published_at 2026-04-18T12:55:00Z
4
value 0.00024
scoring_system epss
scoring_elements 0.0653
published_at 2026-04-04T12:55:00Z
5
value 0.00024
scoring_system epss
scoring_elements 0.0652
published_at 2026-04-07T12:55:00Z
6
value 0.00024
scoring_system epss
scoring_elements 0.0657
published_at 2026-04-08T12:55:00Z
7
value 0.00024
scoring_system epss
scoring_elements 0.06614
published_at 2026-04-09T12:55:00Z
8
value 0.00024
scoring_system epss
scoring_elements 0.06607
published_at 2026-04-11T12:55:00Z
9
value 0.00024
scoring_system epss
scoring_elements 0.06599
published_at 2026-04-12T12:55:00Z
10
value 8e-05
scoring_system epss
scoring_elements 0.00799
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3503
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3503
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3503
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9734
reference_id 9734
reference_type
scores
0
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/U:Amber
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T19:24:29Z/
url https://github.com/wolfSSL/wolfssl/pull/9734
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-3503
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jw2-3v9v-ruap
5
url VCID-9x14-2t7m-1kbm
vulnerability_id VCID-9x14-2t7m-1kbm
summary Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3549
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07306
published_at 2026-04-21T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20873
published_at 2026-04-09T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20783
published_at 2026-04-16T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.20776
published_at 2026-04-18T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.21017
published_at 2026-04-04T12:55:00Z
5
value 0.00067
scoring_system epss
scoring_elements 0.20734
published_at 2026-04-07T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20812
published_at 2026-04-08T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20959
published_at 2026-04-02T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.20889
published_at 2026-04-11T12:55:00Z
9
value 0.00067
scoring_system epss
scoring_elements 0.20845
published_at 2026-04-12T12:55:00Z
10
value 0.00067
scoring_system epss
scoring_elements 0.20793
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3549
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3549
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3549
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9817
reference_id 9817
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T01:37:47Z/
url https://github.com/wolfSSL/wolfssl/pull/9817
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-3549
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9x14-2t7m-1kbm
6
url VCID-f57c-kamk-3bct
vulnerability_id VCID-f57c-kamk-3bct
summary 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4159
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.04883
published_at 2026-04-02T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.04924
published_at 2026-04-13T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.04873
published_at 2026-04-16T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.0488
published_at 2026-04-18T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.04908
published_at 2026-04-04T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.04927
published_at 2026-04-07T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.04963
published_at 2026-04-08T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.04979
published_at 2026-04-09T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.04961
published_at 2026-04-11T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.04942
published_at 2026-04-12T12:55:00Z
10
value 0.0002
scoring_system epss
scoring_elements 0.05606
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4159
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4159
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4159
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9945
reference_id 9945
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:28:57Z/
url https://github.com/wolfSSL/wolfssl/pull/9945
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-4159
risk_score 0.6
exploitability 0.5
weighted_severity 1.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f57c-kamk-3bct
7
url VCID-fmtp-x6y7-83g1
vulnerability_id VCID-fmtp-x6y7-83g1
summary Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out-of-bounds writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3548
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05441
published_at 2026-04-16T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05537
published_at 2026-04-09T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05511
published_at 2026-04-11T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05498
published_at 2026-04-12T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05491
published_at 2026-04-13T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.0545
published_at 2026-04-18T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05475
published_at 2026-04-04T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05479
published_at 2026-04-07T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05516
published_at 2026-04-08T12:55:00Z
9
value 0.00022
scoring_system epss
scoring_elements 0.06125
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3548
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3548
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9628/
reference_id 9628
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-19T18:00:17Z/
url https://github.com/wolfSSL/wolfssl/pull/9628/
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9873/
reference_id 9873
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-19T18:00:17Z/
url https://github.com/wolfSSL/wolfssl/pull/9873/
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15fz-hhc7-kyaa
1
vulnerability VCID-24mg-wn6a-6bew
2
vulnerability VCID-3gve-u4f4-bkht
3
vulnerability VCID-4zyq-af27-yqa4
4
vulnerability VCID-75y2-h9uk-n3a6
5
vulnerability VCID-9jb1-k32z-w7gw
6
vulnerability VCID-bfap-h1d9-33dj
7
vulnerability VCID-cv4y-g4un-ckd4
8
vulnerability VCID-f5kd-yqz2-nkcb
9
vulnerability VCID-g5u9-khw6-4kgn
10
vulnerability VCID-gtdh-mytb-t3fh
11
vulnerability VCID-hdbf-118z-2yec
12
vulnerability VCID-jc3b-m4ud-n7fw
13
vulnerability VCID-jvnf-vh29-ufdh
14
vulnerability VCID-n6uz-fe7m-uqhk
15
vulnerability VCID-nqhj-d7uw-43hd
16
vulnerability VCID-srmp-3tvp-9uhv
17
vulnerability VCID-u55w-unmd-97cm
18
vulnerability VCID-udcq-enxt-wyf1
19
vulnerability VCID-ugd8-9xzt-xbdz
20
vulnerability VCID-vugd-2jfz-23b5
21
vulnerability VCID-x3uy-7crx-2kae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-3548
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmtp-x6y7-83g1
8
url VCID-gmdj-a1ys-tqc2
vulnerability_id VCID-gmdj-a1ys-tqc2
summary Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3849
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41985
published_at 2026-04-02T12:55:00Z
1
value 0.00199
scoring_system epss
scoring_elements 0.4197
published_at 2026-04-13T12:55:00Z
2
value 0.00199
scoring_system epss
scoring_elements 0.42019
published_at 2026-04-16T12:55:00Z
3
value 0.00199
scoring_system epss
scoring_elements 0.41993
published_at 2026-04-18T12:55:00Z
4
value 0.00199
scoring_system epss
scoring_elements 0.42012
published_at 2026-04-04T12:55:00Z
5
value 0.00199
scoring_system epss
scoring_elements 0.41938
published_at 2026-04-07T12:55:00Z
6
value 0.00199
scoring_system epss
scoring_elements 0.41989
published_at 2026-04-08T12:55:00Z
7
value 0.00199
scoring_system epss
scoring_elements 0.42
published_at 2026-04-09T12:55:00Z
8
value 0.00199
scoring_system epss
scoring_elements 0.42022
published_at 2026-04-11T12:55:00Z
9
value 0.00199
scoring_system epss
scoring_elements 0.41984
published_at 2026-04-12T12:55:00Z
10
value 0.00217
scoring_system epss
scoring_elements 0.44233
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3849
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3849
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3849
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9737
reference_id 9737
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/V:D/RE:M/U:Amber
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:21:05Z/
url https://github.com/wolfSSL/wolfssl/pull/9737
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-3849
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmdj-a1ys-tqc2
9
url VCID-h6na-nxxq-5yg9
vulnerability_id VCID-h6na-nxxq-5yg9
summary A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSL_SMALL_STACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wc_PKCS7_EncodeSignedData() or related signing functions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0819
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.05879
published_at 2026-04-02T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.05944
published_at 2026-04-13T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.05908
published_at 2026-04-16T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.05919
published_at 2026-04-18T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.05912
published_at 2026-04-04T12:55:00Z
5
value 0.00022
scoring_system epss
scoring_elements 0.05904
published_at 2026-04-07T12:55:00Z
6
value 0.00022
scoring_system epss
scoring_elements 0.05942
published_at 2026-04-08T12:55:00Z
7
value 0.00022
scoring_system epss
scoring_elements 0.05981
published_at 2026-04-09T12:55:00Z
8
value 0.00022
scoring_system epss
scoring_elements 0.05962
published_at 2026-04-11T12:55:00Z
9
value 0.00022
scoring_system epss
scoring_elements 0.05953
published_at 2026-04-12T12:55:00Z
10
value 0.00024
scoring_system epss
scoring_elements 0.06602
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0819
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0819
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9630
reference_id 9630
reference_type
scores
0
value 2.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-19T17:19:26Z/
url https://github.com/wolfSSL/wolfssl/pull/9630
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-0819
risk_score 1.0
exploitability 0.5
weighted_severity 2.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6na-nxxq-5yg9
10
url VCID-jxf4-y1au-5bhw
vulnerability_id VCID-jxf4-y1au-5bhw
summary Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4395
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.32057
published_at 2026-04-02T12:55:00Z
1
value 0.00126
scoring_system epss
scoring_elements 0.31928
published_at 2026-04-13T12:55:00Z
2
value 0.00126
scoring_system epss
scoring_elements 0.31961
published_at 2026-04-16T12:55:00Z
3
value 0.00126
scoring_system epss
scoring_elements 0.31939
published_at 2026-04-18T12:55:00Z
4
value 0.00126
scoring_system epss
scoring_elements 0.32097
published_at 2026-04-04T12:55:00Z
5
value 0.00126
scoring_system epss
scoring_elements 0.31919
published_at 2026-04-07T12:55:00Z
6
value 0.00126
scoring_system epss
scoring_elements 0.31971
published_at 2026-04-08T12:55:00Z
7
value 0.00126
scoring_system epss
scoring_elements 0.32
published_at 2026-04-09T12:55:00Z
8
value 0.00126
scoring_system epss
scoring_elements 0.32003
published_at 2026-04-11T12:55:00Z
9
value 0.00126
scoring_system epss
scoring_elements 0.31962
published_at 2026-04-12T12:55:00Z
10
value 0.00138
scoring_system epss
scoring_elements 0.33779
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4395
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4395
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4395
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9988
reference_id 9988
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:L/U:Amber
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:09:25Z/
url https://github.com/wolfSSL/wolfssl/pull/9988
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-4395
risk_score 0.6
exploitability 0.5
weighted_severity 1.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxf4-y1au-5bhw
11
url VCID-n64w-nq6a-m7bv
vulnerability_id VCID-n64w-nq6a-m7bv
summary In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3580
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02074
published_at 2026-04-02T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02053
published_at 2026-04-13T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02029
published_at 2026-04-16T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02043
published_at 2026-04-18T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.0208
published_at 2026-04-04T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02075
published_at 2026-04-07T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02077
published_at 2026-04-08T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02094
published_at 2026-04-09T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02072
published_at 2026-04-11T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.02057
published_at 2026-04-12T12:55:00Z
10
value 5e-05
scoring_system epss
scoring_elements 0.00288
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3580
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3580
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3580
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9855
reference_id 9855
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T20:25:11Z/
url https://github.com/wolfSSL/wolfssl/pull/9855
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-3580
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n64w-nq6a-m7bv
12
url VCID-uvht-9bt9-hfbb
vulnerability_id VCID-uvht-9bt9-hfbb
summary Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3230
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.1932
published_at 2026-04-02T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.19372
published_at 2026-04-04T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.19088
published_at 2026-04-07T12:55:00Z
3
value 0.00061
scoring_system epss
scoring_elements 0.19168
published_at 2026-04-08T12:55:00Z
4
value 0.00061
scoring_system epss
scoring_elements 0.19221
published_at 2026-04-09T12:55:00Z
5
value 0.00061
scoring_system epss
scoring_elements 0.19227
published_at 2026-04-11T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.1918
published_at 2026-04-12T12:55:00Z
7
value 0.00065
scoring_system epss
scoring_elements 0.20023
published_at 2026-04-18T12:55:00Z
8
value 0.00065
scoring_system epss
scoring_elements 0.20036
published_at 2026-04-13T12:55:00Z
9
value 0.00065
scoring_system epss
scoring_elements 0.20018
published_at 2026-04-16T12:55:00Z
10
value 0.0007
scoring_system epss
scoring_elements 0.215
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3230
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3230
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9754
reference_id 9754
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:08:54Z/
url https://github.com/wolfSSL/wolfssl/pull/9754
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-3230
risk_score 0.6
exploitability 0.5
weighted_severity 1.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvht-9bt9-hfbb
13
url VCID-v3m6-zajw-bfhb
vulnerability_id VCID-v3m6-zajw-bfhb
summary An integer overflow vulnerability existed in the static function wolfssl_add_to_chain that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these APIs: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. These APIs are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-haproxy. This issue is not remotely exploitable, and would require that the application context loading certificates is compromised.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3229
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02087
published_at 2026-04-02T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02064
published_at 2026-04-13T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02039
published_at 2026-04-16T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02052
published_at 2026-04-18T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02094
published_at 2026-04-04T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02088
published_at 2026-04-07T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02089
published_at 2026-04-08T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02107
published_at 2026-04-09T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02084
published_at 2026-04-11T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.02069
published_at 2026-04-12T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.03049
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3229
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3229
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3229
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9827
reference_id 9827
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:29:39Z/
url https://github.com/wolfSSL/wolfssl/pull/9827
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-3229
risk_score 0.6
exploitability 0.5
weighted_severity 1.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3m6-zajw-bfhb
14
url VCID-xuyn-pjpb-g7du
vulnerability_id VCID-xuyn-pjpb-g7du
summary A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2646
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02167
published_at 2026-04-07T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02166
published_at 2026-04-11T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02151
published_at 2026-04-12T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02148
published_at 2026-04-13T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02123
published_at 2026-04-16T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02135
published_at 2026-04-18T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02172
published_at 2026-04-04T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02168
published_at 2026-04-08T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02189
published_at 2026-04-09T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03195
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2646
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2646
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2646
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9748
reference_id 9748
reference_type
scores
0
value 5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:43:50Z/
url https://github.com/wolfSSL/wolfssl/pull/9748
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9949
reference_id 9949
reference_type
scores
0
value 5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:43:50Z/
url https://github.com/wolfSSL/wolfssl/pull/9949
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie
1
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie
aliases CVE-2026-2646
risk_score 2.2
exploitability 0.5
weighted_severity 4.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xuyn-pjpb-g7du
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie