Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
Typedeb
Namespacedebian
Namewolfssl
Version5.7.2-0.1+deb13u1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.9.0-0.2
Latest_non_vulnerable_version5.9.0-0.2
Affected_by_vulnerabilities
0
url VCID-2ry7-trrg-gfdk
vulnerability_id VCID-2ry7-trrg-gfdk
summary Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3547
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14078
published_at 2026-04-16T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14188
published_at 2026-04-13T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.14329
published_at 2026-04-02T12:55:00Z
3
value 0.00046
scoring_system epss
scoring_elements 0.14393
published_at 2026-04-04T12:55:00Z
4
value 0.00046
scoring_system epss
scoring_elements 0.142
published_at 2026-04-07T12:55:00Z
5
value 0.00046
scoring_system epss
scoring_elements 0.14282
published_at 2026-04-11T12:55:00Z
6
value 0.00046
scoring_system epss
scoring_elements 0.14336
published_at 2026-04-09T12:55:00Z
7
value 0.00046
scoring_system epss
scoring_elements 0.14244
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3547
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3547
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9859
reference_id 9859
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:33:12Z/
url https://github.com/wolfSSL/wolfssl/pull/9859
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-3547
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ry7-trrg-gfdk
1
url VCID-4zda-zrq6-hbc8
vulnerability_id VCID-4zda-zrq6-hbc8
summary wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3579
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08539
published_at 2026-04-16T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.0865
published_at 2026-04-13T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08618
published_at 2026-04-02T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08669
published_at 2026-04-04T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08589
published_at 2026-04-07T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08663
published_at 2026-04-12T12:55:00Z
6
value 0.0003
scoring_system epss
scoring_elements 0.08687
published_at 2026-04-09T12:55:00Z
7
value 0.0003
scoring_system epss
scoring_elements 0.08686
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3579
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3579
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3579
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9855
reference_id 9855
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T01:36:44Z/
url https://github.com/wolfSSL/wolfssl/pull/9855
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-3579
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zda-zrq6-hbc8
2
url VCID-6v8z-cfax-zqbh
vulnerability_id VCID-6v8z-cfax-zqbh
summary In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2645
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08028
published_at 2026-04-16T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08122
published_at 2026-04-13T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08087
published_at 2026-04-02T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.0813
published_at 2026-04-04T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08081
published_at 2026-04-07T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.08143
published_at 2026-04-08T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08165
published_at 2026-04-09T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08157
published_at 2026-04-11T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.08138
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2645
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2645
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2645
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9694
reference_id 9694
reference_type
scores
0
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:45:34Z/
url https://github.com/wolfSSL/wolfssl/pull/9694
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-2645
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6v8z-cfax-zqbh
3
url VCID-8735-ectc-j7a3
vulnerability_id VCID-8735-ectc-j7a3
summary With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12889
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03483
published_at 2026-04-16T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03507
published_at 2026-04-13T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03556
published_at 2026-04-02T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.0357
published_at 2026-04-04T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.03581
published_at 2026-04-07T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03583
published_at 2026-04-08T12:55:00Z
6
value 0.00016
scoring_system epss
scoring_elements 0.03605
published_at 2026-04-09T12:55:00Z
7
value 0.00016
scoring_system epss
scoring_elements 0.03562
published_at 2026-04-11T12:55:00Z
8
value 0.00016
scoring_system epss
scoring_elements 0.03533
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12889
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12889
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12889
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121205
reference_id 1121205
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121205
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9395
reference_id 9395
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:15:50Z/
url https://github.com/wolfSSL/wolfssl/pull/9395
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2025-12889
risk_score 1.1
exploitability 0.5
weighted_severity 2.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8735-ectc-j7a3
4
url VCID-9jpj-dfsf-qkce
vulnerability_id VCID-9jpj-dfsf-qkce
summary Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1005
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.19906
published_at 2026-04-16T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.19928
published_at 2026-04-13T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.23856
published_at 2026-04-07T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.24035
published_at 2026-04-02T12:55:00Z
4
value 0.00081
scoring_system epss
scoring_elements 0.23968
published_at 2026-04-09T12:55:00Z
5
value 0.00081
scoring_system epss
scoring_elements 0.23985
published_at 2026-04-11T12:55:00Z
6
value 0.00081
scoring_system epss
scoring_elements 0.23941
published_at 2026-04-12T12:55:00Z
7
value 0.00081
scoring_system epss
scoring_elements 0.23922
published_at 2026-04-08T12:55:00Z
8
value 0.00081
scoring_system epss
scoring_elements 0.24073
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1005
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1005
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9571
reference_id 9571
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:19:54Z/
url https://github.com/wolfSSL/wolfssl/pull/9571
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-1005
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jpj-dfsf-qkce
5
url VCID-9jw2-3v9v-ruap
vulnerability_id VCID-9jw2-3v9v-ruap
summary Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion. This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3503
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06516
published_at 2026-04-16T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.0659
published_at 2026-04-13T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.06492
published_at 2026-04-02T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.0653
published_at 2026-04-04T12:55:00Z
4
value 0.00024
scoring_system epss
scoring_elements 0.0652
published_at 2026-04-07T12:55:00Z
5
value 0.00024
scoring_system epss
scoring_elements 0.0657
published_at 2026-04-08T12:55:00Z
6
value 0.00024
scoring_system epss
scoring_elements 0.06614
published_at 2026-04-09T12:55:00Z
7
value 0.00024
scoring_system epss
scoring_elements 0.06607
published_at 2026-04-11T12:55:00Z
8
value 0.00024
scoring_system epss
scoring_elements 0.06599
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3503
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3503
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3503
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9734
reference_id 9734
reference_type
scores
0
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/U:Amber
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T19:24:29Z/
url https://github.com/wolfSSL/wolfssl/pull/9734
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-3503
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jw2-3v9v-ruap
6
url VCID-9kev-ferz-5bhr
vulnerability_id VCID-9kev-ferz-5bhr
summary Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13912
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05169
published_at 2026-04-02T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05197
published_at 2026-04-04T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05219
published_at 2026-04-07T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05252
published_at 2026-04-08T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05271
published_at 2026-04-09T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05239
published_at 2026-04-11T12:55:00Z
6
value 0.00025
scoring_system epss
scoring_elements 0.06981
published_at 2026-04-13T12:55:00Z
7
value 0.00025
scoring_system epss
scoring_elements 0.06919
published_at 2026-04-16T12:55:00Z
8
value 0.00025
scoring_system epss
scoring_elements 0.06986
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13912
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13912
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9148
reference_id 9148
reference_type
scores
0
value 1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-11T19:19:06Z/
url https://github.com/wolfSSL/wolfssl/pull/9148
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2025-13912
risk_score 0.5
exploitability 0.5
weighted_severity 0.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kev-ferz-5bhr
7
url VCID-9x14-2t7m-1kbm
vulnerability_id VCID-9x14-2t7m-1kbm
summary Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3549
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20783
published_at 2026-04-16T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20793
published_at 2026-04-13T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20959
published_at 2026-04-02T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.21017
published_at 2026-04-04T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.20734
published_at 2026-04-07T12:55:00Z
5
value 0.00067
scoring_system epss
scoring_elements 0.20812
published_at 2026-04-08T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20873
published_at 2026-04-09T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20889
published_at 2026-04-11T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.20845
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3549
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3549
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3549
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9817
reference_id 9817
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T01:37:47Z/
url https://github.com/wolfSSL/wolfssl/pull/9817
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-3549
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9x14-2t7m-1kbm
8
url VCID-cxhw-3w24-dkes
vulnerability_id VCID-cxhw-3w24-dkes
summary The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11932
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02473
published_at 2026-04-16T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02488
published_at 2026-04-13T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02486
published_at 2026-04-02T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02499
published_at 2026-04-07T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02502
published_at 2026-04-08T12:55:00Z
5
value 0.00014
scoring_system epss
scoring_elements 0.02523
published_at 2026-04-09T12:55:00Z
6
value 0.00014
scoring_system epss
scoring_elements 0.025
published_at 2026-04-11T12:55:00Z
7
value 0.00014
scoring_system epss
scoring_elements 0.0249
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11932
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11932
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121197
reference_id 1121197
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121197
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9223
reference_id 9223
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:17:20Z/
url https://github.com/wolfSSL/wolfssl/pull/9223
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2025-11932
risk_score 1.1
exploitability 0.5
weighted_severity 2.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxhw-3w24-dkes
9
url VCID-f57c-kamk-3bct
vulnerability_id VCID-f57c-kamk-3bct
summary 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4159
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.04873
published_at 2026-04-16T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.04924
published_at 2026-04-13T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.04883
published_at 2026-04-02T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.04908
published_at 2026-04-04T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.04927
published_at 2026-04-07T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.04963
published_at 2026-04-08T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.04979
published_at 2026-04-09T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.04961
published_at 2026-04-11T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.04942
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4159
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4159
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4159
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9945
reference_id 9945
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:28:57Z/
url https://github.com/wolfSSL/wolfssl/pull/9945
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-4159
risk_score 0.6
exploitability 0.5
weighted_severity 1.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f57c-kamk-3bct
10
url VCID-fmtp-x6y7-83g1
vulnerability_id VCID-fmtp-x6y7-83g1
summary Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3548
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05491
published_at 2026-04-13T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05537
published_at 2026-04-09T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05511
published_at 2026-04-11T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05498
published_at 2026-04-12T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05441
published_at 2026-04-16T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05475
published_at 2026-04-04T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05479
published_at 2026-04-07T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05516
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3548
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3548
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9628/
reference_id 9628
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-19T18:00:17Z/
url https://github.com/wolfSSL/wolfssl/pull/9628/
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9873/
reference_id 9873
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-19T18:00:17Z/
url https://github.com/wolfSSL/wolfssl/pull/9873/
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-3548
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmtp-x6y7-83g1
11
url VCID-gcfd-w8je-kqfm
vulnerability_id VCID-gcfd-w8je-kqfm
summary With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share extension. The re-use of an authenticated PSK connection that on the clients side unexpectedly did not have PFS, reduces the security of the connection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11935
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01393
published_at 2026-04-16T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01408
published_at 2026-04-11T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01401
published_at 2026-04-12T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01402
published_at 2026-04-13T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01399
published_at 2026-04-02T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01404
published_at 2026-04-04T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01409
published_at 2026-04-07T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01414
published_at 2026-04-08T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01415
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11935
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11935
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11935
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121200
reference_id 1121200
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121200
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9112
reference_id 9112
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:43:57Z/
url https://github.com/wolfSSL/wolfssl/pull/9112
4
reference_url https://github.com/wolfSSL/wolfssl
reference_id wolfssl
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:43:57Z/
url https://github.com/wolfSSL/wolfssl
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2025-11935
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcfd-w8je-kqfm
12
url VCID-gdur-h588-vbb6
vulnerability_id VCID-gdur-h588-vbb6
summary Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256, if the client supports ECDSA P256.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11934
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03034
published_at 2026-04-16T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03094
published_at 2026-04-11T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.0307
published_at 2026-04-12T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03058
published_at 2026-04-13T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03087
published_at 2026-04-02T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03101
published_at 2026-04-04T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03102
published_at 2026-04-07T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03107
published_at 2026-04-08T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.03131
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11934
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11934
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121199
reference_id 1121199
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121199
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9113
reference_id 9113
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:22:47Z/
url https://github.com/wolfSSL/wolfssl/pull/9113
4
reference_url https://github.com/wolfSSL/wolfssl
reference_id wolfssl
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:22:47Z/
url https://github.com/wolfSSL/wolfssl
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2025-11934
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdur-h588-vbb6
13
url VCID-gmdj-a1ys-tqc2
vulnerability_id VCID-gmdj-a1ys-tqc2
summary Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3849
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.42019
published_at 2026-04-16T12:55:00Z
1
value 0.00199
scoring_system epss
scoring_elements 0.4197
published_at 2026-04-13T12:55:00Z
2
value 0.00199
scoring_system epss
scoring_elements 0.41985
published_at 2026-04-02T12:55:00Z
3
value 0.00199
scoring_system epss
scoring_elements 0.42012
published_at 2026-04-04T12:55:00Z
4
value 0.00199
scoring_system epss
scoring_elements 0.41938
published_at 2026-04-07T12:55:00Z
5
value 0.00199
scoring_system epss
scoring_elements 0.41989
published_at 2026-04-08T12:55:00Z
6
value 0.00199
scoring_system epss
scoring_elements 0.42
published_at 2026-04-09T12:55:00Z
7
value 0.00199
scoring_system epss
scoring_elements 0.42022
published_at 2026-04-11T12:55:00Z
8
value 0.00199
scoring_system epss
scoring_elements 0.41984
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3849
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3849
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3849
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9737
reference_id 9737
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/V:D/RE:M/U:Amber
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:21:05Z/
url https://github.com/wolfSSL/wolfssl/pull/9737
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-3849
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmdj-a1ys-tqc2
14
url VCID-h6na-nxxq-5yg9
vulnerability_id VCID-h6na-nxxq-5yg9
summary A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSL_SMALL_STACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wc_PKCS7_EncodeSignedData() or related signing functions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0819
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.05908
published_at 2026-04-16T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.05944
published_at 2026-04-13T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.05879
published_at 2026-04-02T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.05912
published_at 2026-04-04T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.05904
published_at 2026-04-07T12:55:00Z
5
value 0.00022
scoring_system epss
scoring_elements 0.05942
published_at 2026-04-08T12:55:00Z
6
value 0.00022
scoring_system epss
scoring_elements 0.05981
published_at 2026-04-09T12:55:00Z
7
value 0.00022
scoring_system epss
scoring_elements 0.05962
published_at 2026-04-11T12:55:00Z
8
value 0.00022
scoring_system epss
scoring_elements 0.05953
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0819
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0819
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9630
reference_id 9630
reference_type
scores
0
value 2.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-19T17:19:26Z/
url https://github.com/wolfSSL/wolfssl/pull/9630
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-0819
risk_score 1.0
exploitability 0.5
weighted_severity 2.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6na-nxxq-5yg9
15
url VCID-hk8r-kk4v-1fa7
vulnerability_id VCID-hk8r-kk4v-1fa7
summary Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of X25519, which is now turned on as the default for Xtensa.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12888
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04763
published_at 2026-04-16T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04815
published_at 2026-04-13T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04786
published_at 2026-04-02T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04809
published_at 2026-04-04T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04826
published_at 2026-04-07T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04864
published_at 2026-04-08T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04881
published_at 2026-04-09T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04859
published_at 2026-04-11T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04836
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12888
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12888
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12888
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121204
reference_id 1121204
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121204
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2025-12888
risk_score 0.2
exploitability 0.5
weighted_severity 0.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hk8r-kk4v-1fa7
16
url VCID-jxf4-y1au-5bhw
vulnerability_id VCID-jxf4-y1au-5bhw
summary Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4395
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.31961
published_at 2026-04-16T12:55:00Z
1
value 0.00126
scoring_system epss
scoring_elements 0.31928
published_at 2026-04-13T12:55:00Z
2
value 0.00126
scoring_system epss
scoring_elements 0.32057
published_at 2026-04-02T12:55:00Z
3
value 0.00126
scoring_system epss
scoring_elements 0.32097
published_at 2026-04-04T12:55:00Z
4
value 0.00126
scoring_system epss
scoring_elements 0.31919
published_at 2026-04-07T12:55:00Z
5
value 0.00126
scoring_system epss
scoring_elements 0.31971
published_at 2026-04-08T12:55:00Z
6
value 0.00126
scoring_system epss
scoring_elements 0.32
published_at 2026-04-09T12:55:00Z
7
value 0.00126
scoring_system epss
scoring_elements 0.32003
published_at 2026-04-11T12:55:00Z
8
value 0.00126
scoring_system epss
scoring_elements 0.31962
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4395
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4395
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4395
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9988
reference_id 9988
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:L/U:Amber
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:09:25Z/
url https://github.com/wolfSSL/wolfssl/pull/9988
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-4395
risk_score 0.6
exploitability 0.5
weighted_severity 1.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxf4-y1au-5bhw
17
url VCID-khur-3ax7-9fhb
vulnerability_id VCID-khur-3ax7-9fhb
summary Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11931
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05568
published_at 2026-04-16T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05616
published_at 2026-04-13T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.0556
published_at 2026-04-02T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.05598
published_at 2026-04-04T12:55:00Z
4
value 0.00021
scoring_system epss
scoring_elements 0.05594
published_at 2026-04-07T12:55:00Z
5
value 0.00021
scoring_system epss
scoring_elements 0.05633
published_at 2026-04-08T12:55:00Z
6
value 0.00021
scoring_system epss
scoring_elements 0.05658
published_at 2026-04-09T12:55:00Z
7
value 0.00021
scoring_system epss
scoring_elements 0.05631
published_at 2026-04-11T12:55:00Z
8
value 0.00021
scoring_system epss
scoring_elements 0.05622
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11931
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11931
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11931
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121196
reference_id 1121196
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121196
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9223
reference_id 9223
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T15:41:59Z/
url https://github.com/wolfSSL/wolfssl/pull/9223
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2025-11931
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khur-3ax7-9fhb
18
url VCID-n64w-nq6a-m7bv
vulnerability_id VCID-n64w-nq6a-m7bv
summary In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3580
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02029
published_at 2026-04-16T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02053
published_at 2026-04-13T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02074
published_at 2026-04-02T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.0208
published_at 2026-04-04T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02075
published_at 2026-04-07T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02077
published_at 2026-04-08T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02094
published_at 2026-04-09T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02072
published_at 2026-04-11T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02057
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3580
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3580
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3580
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9855
reference_id 9855
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T20:25:11Z/
url https://github.com/wolfSSL/wolfssl/pull/9855
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-3580
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n64w-nq6a-m7bv
19
url VCID-njbj-f91t-b7f4
vulnerability_id VCID-njbj-f91t-b7f4
summary Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11933
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.1749
published_at 2026-04-16T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.17644
published_at 2026-04-11T12:55:00Z
2
value 0.00056
scoring_system epss
scoring_elements 0.17598
published_at 2026-04-12T12:55:00Z
3
value 0.00056
scoring_system epss
scoring_elements 0.17545
published_at 2026-04-13T12:55:00Z
4
value 0.00056
scoring_system epss
scoring_elements 0.17708
published_at 2026-04-02T12:55:00Z
5
value 0.00056
scoring_system epss
scoring_elements 0.17755
published_at 2026-04-04T12:55:00Z
6
value 0.00056
scoring_system epss
scoring_elements 0.17476
published_at 2026-04-07T12:55:00Z
7
value 0.00056
scoring_system epss
scoring_elements 0.17566
published_at 2026-04-08T12:55:00Z
8
value 0.00056
scoring_system epss
scoring_elements 0.17626
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11933
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11933
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11933
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121198
reference_id 1121198
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121198
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9132
reference_id 9132
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:20:56Z/
url https://github.com/wolfSSL/wolfssl/pull/9132
4
reference_url https://github.com/wolfSSL/wolfssl
reference_id wolfssl
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:20:56Z/
url https://github.com/wolfSSL/wolfssl
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2025-11933
risk_score 1.1
exploitability 0.5
weighted_severity 2.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njbj-f91t-b7f4
20
url VCID-uvht-9bt9-hfbb
vulnerability_id VCID-uvht-9bt9-hfbb
summary Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3230
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.1932
published_at 2026-04-02T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.19168
published_at 2026-04-08T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.19221
published_at 2026-04-09T12:55:00Z
3
value 0.00061
scoring_system epss
scoring_elements 0.19227
published_at 2026-04-11T12:55:00Z
4
value 0.00061
scoring_system epss
scoring_elements 0.1918
published_at 2026-04-12T12:55:00Z
5
value 0.00061
scoring_system epss
scoring_elements 0.19372
published_at 2026-04-04T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.19088
published_at 2026-04-07T12:55:00Z
7
value 0.00065
scoring_system epss
scoring_elements 0.20036
published_at 2026-04-13T12:55:00Z
8
value 0.00065
scoring_system epss
scoring_elements 0.20018
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3230
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3230
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9754
reference_id 9754
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:08:54Z/
url https://github.com/wolfSSL/wolfssl/pull/9754
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-3230
risk_score 0.6
exploitability 0.5
weighted_severity 1.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvht-9bt9-hfbb
21
url VCID-v3m6-zajw-bfhb
vulnerability_id VCID-v3m6-zajw-bfhb
summary An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these API: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. These API are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-haproxy. This issue is not remotely exploitable, and would require that the application context loading certificates is compromised.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3229
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02039
published_at 2026-04-16T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02064
published_at 2026-04-13T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02087
published_at 2026-04-02T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02094
published_at 2026-04-04T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02088
published_at 2026-04-07T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02089
published_at 2026-04-08T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02107
published_at 2026-04-09T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02084
published_at 2026-04-11T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02069
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3229
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3229
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3229
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9827
reference_id 9827
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:29:39Z/
url https://github.com/wolfSSL/wolfssl/pull/9827
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-3229
risk_score 0.6
exploitability 0.5
weighted_severity 1.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3m6-zajw-bfhb
22
url VCID-xuyn-pjpb-g7du
vulnerability_id VCID-xuyn-pjpb-g7du
summary A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2646
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02123
published_at 2026-04-16T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02166
published_at 2026-04-11T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02151
published_at 2026-04-12T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02148
published_at 2026-04-13T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02167
published_at 2026-04-07T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02172
published_at 2026-04-04T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02168
published_at 2026-04-08T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02189
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2646
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2646
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2646
2
reference_url https://github.com/wolfSSL/wolfssl/pull/9748
reference_id 9748
reference_type
scores
0
value 5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:43:50Z/
url https://github.com/wolfSSL/wolfssl/pull/9748
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9949
reference_id 9949
reference_type
scores
0
value 5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:43:50Z/
url https://github.com/wolfSSL/wolfssl/pull/9949
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2026-2646
risk_score 2.2
exploitability 0.5
weighted_severity 4.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xuyn-pjpb-g7du
23
url VCID-xxkx-w5pc-5uap
vulnerability_id VCID-xxkx-w5pc-5uap
summary Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11936
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13272
published_at 2026-04-16T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13447
published_at 2026-04-11T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13412
published_at 2026-04-12T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13366
published_at 2026-04-13T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13483
published_at 2026-04-02T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.13544
published_at 2026-04-04T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.1334
published_at 2026-04-07T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.13423
published_at 2026-04-08T12:55:00Z
8
value 0.00044
scoring_system epss
scoring_elements 0.13473
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11936
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11936
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11936
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121202
reference_id 1121202
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121202
3
reference_url https://github.com/wolfSSL/wolfssl/pull/9117
reference_id 9117
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:19:13Z/
url https://github.com/wolfSSL/wolfssl/pull/9117
4
reference_url https://github.com/wolfSSL/wolfssl
reference_id wolfssl
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:19:13Z/
url https://github.com/wolfSSL/wolfssl
fixed_packages
0
url pkg:deb/debian/wolfssl@5.9.0-0.2
purl pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2
aliases CVE-2025-11936
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxkx-w5pc-5uap
Fixing_vulnerabilities
0
url VCID-1u3q-52yd-1bhe
vulnerability_id VCID-1u3q-52yd-1bhe
summary In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5991
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29474
published_at 2026-04-16T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29507
published_at 2026-04-12T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29455
published_at 2026-04-13T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29577
published_at 2026-04-02T12:55:00Z
4
value 0.00111
scoring_system epss
scoring_elements 0.29626
published_at 2026-04-04T12:55:00Z
5
value 0.00111
scoring_system epss
scoring_elements 0.29448
published_at 2026-04-07T12:55:00Z
6
value 0.00111
scoring_system epss
scoring_elements 0.2951
published_at 2026-04-08T12:55:00Z
7
value 0.00111
scoring_system epss
scoring_elements 0.2955
published_at 2026-04-09T12:55:00Z
8
value 0.00111
scoring_system epss
scoring_elements 0.29552
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5991
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5991
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081788
reference_id 1081788
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081788
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2024-5991
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1u3q-52yd-1bhe
1
url VCID-24s5-d6jt-4kfe
vulnerability_id VCID-24s5-d6jt-4kfe
summary In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6936
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50837
published_at 2026-04-16T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.50795
published_at 2026-04-09T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50838
published_at 2026-04-11T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50814
published_at 2026-04-12T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50761
published_at 2026-04-02T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50786
published_at 2026-04-04T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50743
published_at 2026-04-07T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50799
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6936
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6936
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6936
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
reference_id 1059357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
3
reference_url https://github.com/wolfSSL/wolfssl/pull/6949/
reference_id 6949
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T14:22:41Z/
url https://github.com/wolfSSL/wolfssl/pull/6949/
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2023-6936
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-24s5-d6jt-4kfe
2
url VCID-47nm-nte5-27fm
vulnerability_id VCID-47nm-nte5-27fm
summary Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1545
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.46083
published_at 2026-04-16T12:55:00Z
1
value 0.00232
scoring_system epss
scoring_elements 0.46027
published_at 2026-04-08T12:55:00Z
2
value 0.00232
scoring_system epss
scoring_elements 0.46048
published_at 2026-04-11T12:55:00Z
3
value 0.00232
scoring_system epss
scoring_elements 0.4602
published_at 2026-04-12T12:55:00Z
4
value 0.00232
scoring_system epss
scoring_elements 0.46028
published_at 2026-04-13T12:55:00Z
5
value 0.00232
scoring_system epss
scoring_elements 0.46003
published_at 2026-04-02T12:55:00Z
6
value 0.00232
scoring_system epss
scoring_elements 0.46024
published_at 2026-04-09T12:55:00Z
7
value 0.00232
scoring_system epss
scoring_elements 0.45972
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1545
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1545
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1545
2
reference_url https://github.com/wolfSSL/wolfssl/pull/7167
reference_id 7167
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:19:14Z/
url https://github.com/wolfSSL/wolfssl/pull/7167
3
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
reference_id v5.7.0-stable
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:19:14Z/
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2024-1545
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47nm-nte5-27fm
3
url VCID-7xbp-qkvv-bqgm
vulnerability_id VCID-7xbp-qkvv-bqgm
summary The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1543
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12262
published_at 2026-04-16T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12401
published_at 2026-04-12T12:55:00Z
2
value 0.00041
scoring_system epss
scoring_elements 0.1236
published_at 2026-04-13T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12455
published_at 2026-04-02T12:55:00Z
4
value 0.00041
scoring_system epss
scoring_elements 0.12499
published_at 2026-04-04T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12304
published_at 2026-04-07T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12383
published_at 2026-04-08T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12434
published_at 2026-04-09T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.1244
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1543
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1543
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1543
2
reference_url https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023
reference_id ChangeLog.md#wolfssl-release-566-dec-19-2023
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:19:28Z/
url https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2024-1543
risk_score 1.9
exploitability 0.5
weighted_severity 3.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7xbp-qkvv-bqgm
4
url VCID-9hdy-aqa2-w3bd
vulnerability_id VCID-9hdy-aqa2-w3bd
summary A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5814
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.4451
published_at 2026-04-16T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44486
published_at 2026-04-11T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44454
published_at 2026-04-13T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44455
published_at 2026-04-12T12:55:00Z
4
value 0.00218
scoring_system epss
scoring_elements 0.44476
published_at 2026-04-04T12:55:00Z
5
value 0.00218
scoring_system epss
scoring_elements 0.44412
published_at 2026-04-07T12:55:00Z
6
value 0.00218
scoring_system epss
scoring_elements 0.44463
published_at 2026-04-08T12:55:00Z
7
value 0.00218
scoring_system epss
scoring_elements 0.4447
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5814
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5814
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081791
reference_id 1081791
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081791
3
reference_url https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later
reference_id ChangeLog.md#add_later
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/V:D/RE:M/U:Green
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:18:34Z/
url https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2024-5814
risk_score 2.3
exploitability 0.5
weighted_severity 4.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hdy-aqa2-w3bd
5
url VCID-dpu2-4w42-kygw
vulnerability_id VCID-dpu2-4w42-kygw
summary Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1544
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.22835
published_at 2026-04-09T12:55:00Z
1
value 0.00076
scoring_system epss
scoring_elements 0.22763
published_at 2026-04-13T12:55:00Z
2
value 0.00076
scoring_system epss
scoring_elements 0.22819
published_at 2026-04-12T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22857
published_at 2026-04-11T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.22871
published_at 2026-04-02T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.22916
published_at 2026-04-04T12:55:00Z
6
value 0.00076
scoring_system epss
scoring_elements 0.22708
published_at 2026-04-07T12:55:00Z
7
value 0.00076
scoring_system epss
scoring_elements 0.22783
published_at 2026-04-08T12:55:00Z
8
value 0.00153
scoring_system epss
scoring_elements 0.36023
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1544
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081789
reference_id 1081789
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081789
3
reference_url https://github.com/wolfSSL/wolfssl/pull/7020
reference_id 7020
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:14:00Z/
url https://github.com/wolfSSL/wolfssl/pull/7020
4
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
reference_id v5.7.2-stable
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:14:00Z/
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2024-1544
risk_score 1.9
exploitability 0.5
weighted_severity 3.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dpu2-4w42-kygw
6
url VCID-euma-vgqx-sbau
vulnerability_id VCID-euma-vgqx-sbau
summary Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-2881
reference_id
reference_type
scores
0
value 0.00412
scoring_system epss
scoring_elements 0.61491
published_at 2026-04-16T12:55:00Z
1
value 0.00412
scoring_system epss
scoring_elements 0.6147
published_at 2026-04-12T12:55:00Z
2
value 0.00412
scoring_system epss
scoring_elements 0.61452
published_at 2026-04-13T12:55:00Z
3
value 0.00412
scoring_system epss
scoring_elements 0.61402
published_at 2026-04-02T12:55:00Z
4
value 0.00412
scoring_system epss
scoring_elements 0.6143
published_at 2026-04-04T12:55:00Z
5
value 0.00412
scoring_system epss
scoring_elements 0.614
published_at 2026-04-07T12:55:00Z
6
value 0.00412
scoring_system epss
scoring_elements 0.61446
published_at 2026-04-08T12:55:00Z
7
value 0.00412
scoring_system epss
scoring_elements 0.61462
published_at 2026-04-09T12:55:00Z
8
value 0.00412
scoring_system epss
scoring_elements 0.61484
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-2881
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2881
2
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
reference_id v5.7.0-stable
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:18:26Z/
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2024-2881
risk_score 3.0
exploitability 0.5
weighted_severity 6.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-euma-vgqx-sbau
7
url VCID-su8x-6n42-n3d5
vulnerability_id VCID-su8x-6n42-n3d5
summary Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-0901
reference_id
reference_type
scores
0
value 0.00233
scoring_system epss
scoring_elements 0.46184
published_at 2026-04-08T12:55:00Z
1
value 0.00233
scoring_system epss
scoring_elements 0.46178
published_at 2026-04-12T12:55:00Z
2
value 0.00233
scoring_system epss
scoring_elements 0.46206
published_at 2026-04-11T12:55:00Z
3
value 0.00233
scoring_system epss
scoring_elements 0.46183
published_at 2026-04-09T12:55:00Z
4
value 0.00233
scoring_system epss
scoring_elements 0.4616
published_at 2026-04-02T12:55:00Z
5
value 0.00233
scoring_system epss
scoring_elements 0.4618
published_at 2026-04-04T12:55:00Z
6
value 0.00233
scoring_system epss
scoring_elements 0.46128
published_at 2026-04-07T12:55:00Z
7
value 0.00305
scoring_system epss
scoring_elements 0.53831
published_at 2026-04-16T12:55:00Z
8
value 0.00305
scoring_system epss
scoring_elements 0.53794
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-0901
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0901
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0901
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067799
reference_id 1067799
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067799
3
reference_url https://github.com/wolfSSL/wolfssl/issues/7089
reference_id 7089
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T18:38:31Z/
url https://github.com/wolfSSL/wolfssl/issues/7089
4
reference_url https://github.com/wolfSSL/wolfssl/pull/7099
reference_id 7099
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T18:38:31Z/
url https://github.com/wolfSSL/wolfssl/pull/7099
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2024-0901
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-su8x-6n42-n3d5
8
url VCID-u24a-2khf-uyba
vulnerability_id VCID-u24a-2khf-uyba
summary wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6937
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63285
published_at 2026-04-16T12:55:00Z
1
value 0.00442
scoring_system epss
scoring_elements 0.63283
published_at 2026-04-09T12:55:00Z
2
value 0.00442
scoring_system epss
scoring_elements 0.633
published_at 2026-04-11T12:55:00Z
3
value 0.00442
scoring_system epss
scoring_elements 0.63284
published_at 2026-04-12T12:55:00Z
4
value 0.00442
scoring_system epss
scoring_elements 0.63219
published_at 2026-04-02T12:55:00Z
5
value 0.00442
scoring_system epss
scoring_elements 0.63248
published_at 2026-04-13T12:55:00Z
6
value 0.00442
scoring_system epss
scoring_elements 0.63214
published_at 2026-04-07T12:55:00Z
7
value 0.00442
scoring_system epss
scoring_elements 0.63265
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6937
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6937
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6937
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
reference_id 1059357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
3
reference_url https://github.com/wolfSSL/wolfssl/pull/7029
reference_id 7029
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:13:21Z/
url https://github.com/wolfSSL/wolfssl/pull/7029
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2023-6937
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u24a-2khf-uyba
9
url VCID-xfgd-4hs3-vygk
vulnerability_id VCID-xfgd-4hs3-vygk
summary An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5288
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.2515
published_at 2026-04-16T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25193
published_at 2026-04-12T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.2514
published_at 2026-04-13T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25289
published_at 2026-04-02T12:55:00Z
4
value 0.00088
scoring_system epss
scoring_elements 0.2533
published_at 2026-04-04T12:55:00Z
5
value 0.00088
scoring_system epss
scoring_elements 0.25107
published_at 2026-04-07T12:55:00Z
6
value 0.00088
scoring_system epss
scoring_elements 0.25176
published_at 2026-04-08T12:55:00Z
7
value 0.00088
scoring_system epss
scoring_elements 0.25221
published_at 2026-04-09T12:55:00Z
8
value 0.00088
scoring_system epss
scoring_elements 0.25235
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5288
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5288
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5288
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081790
reference_id 1081790
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081790
3
reference_url https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
reference_id v5.7.2-stable
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:22:54Z/
url https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2024-5288
risk_score 2.3
exploitability 0.5
weighted_severity 4.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfgd-4hs3-vygk
10
url VCID-zhf4-y8v8-gubn
vulnerability_id VCID-zhf4-y8v8-gubn
summary wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6935
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.54642
published_at 2026-04-16T12:55:00Z
1
value 0.00315
scoring_system epss
scoring_elements 0.54592
published_at 2026-04-02T12:55:00Z
2
value 0.00315
scoring_system epss
scoring_elements 0.5463
published_at 2026-04-09T12:55:00Z
3
value 0.00315
scoring_system epss
scoring_elements 0.54643
published_at 2026-04-11T12:55:00Z
4
value 0.00315
scoring_system epss
scoring_elements 0.54626
published_at 2026-04-12T12:55:00Z
5
value 0.00315
scoring_system epss
scoring_elements 0.54604
published_at 2026-04-13T12:55:00Z
6
value 0.00315
scoring_system epss
scoring_elements 0.54615
published_at 2026-04-04T12:55:00Z
7
value 0.00315
scoring_system epss
scoring_elements 0.54584
published_at 2026-04-07T12:55:00Z
8
value 0.00315
scoring_system epss
scoring_elements 0.54635
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6935
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6935
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6935
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
reference_id 1059357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357
3
reference_url https://people.redhat.com/~hkario/marvin/
reference_id marvin
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T12:48:11Z/
url https://people.redhat.com/~hkario/marvin/
fixed_packages
0
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1
aliases CVE-2023-6935
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zhf4-y8v8-gubn
Risk_score3.8
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1