Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-k32r-azxg-9yh3
SummaryAn issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.
Aliases
0
alias CVE-2022-38153
Fixed_packages
0
url pkg:conan/wolfssl@5.4.0
purl pkg:conan/wolfssl@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6n4g-us9a-53g4
1
vulnerability VCID-hguq-mr6k-jqd3
2
vulnerability VCID-kksg-tc63-23bm
3
vulnerability VCID-ubye-e3yx-pfbb
4
vulnerability VCID-x4tg-m9be-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.4.0
1
url pkg:deb/debian/wolfssl@0?distro=trixie
purl pkg:deb/debian/wolfssl@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@0%3Fdistro=trixie
2
url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1u3q-52yd-1bhe
1
vulnerability VCID-24s5-d6jt-4kfe
2
vulnerability VCID-2ry7-trrg-gfdk
3
vulnerability VCID-47nm-nte5-27fm
4
vulnerability VCID-4zda-zrq6-hbc8
5
vulnerability VCID-6n4g-us9a-53g4
6
vulnerability VCID-6v8z-cfax-zqbh
7
vulnerability VCID-7xbp-qkvv-bqgm
8
vulnerability VCID-8735-ectc-j7a3
9
vulnerability VCID-9hdy-aqa2-w3bd
10
vulnerability VCID-9jpj-dfsf-qkce
11
vulnerability VCID-9jw2-3v9v-ruap
12
vulnerability VCID-9kev-ferz-5bhr
13
vulnerability VCID-9x14-2t7m-1kbm
14
vulnerability VCID-cum2-vp1j-syfc
15
vulnerability VCID-cxhw-3w24-dkes
16
vulnerability VCID-dpu2-4w42-kygw
17
vulnerability VCID-euma-vgqx-sbau
18
vulnerability VCID-f4gq-hqcp-dqe2
19
vulnerability VCID-f57c-kamk-3bct
20
vulnerability VCID-fmtp-x6y7-83g1
21
vulnerability VCID-gcfd-w8je-kqfm
22
vulnerability VCID-gdur-h588-vbb6
23
vulnerability VCID-gmdj-a1ys-tqc2
24
vulnerability VCID-h6na-nxxq-5yg9
25
vulnerability VCID-hk8r-kk4v-1fa7
26
vulnerability VCID-jxf4-y1au-5bhw
27
vulnerability VCID-khur-3ax7-9fhb
28
vulnerability VCID-n64w-nq6a-m7bv
29
vulnerability VCID-njbj-f91t-b7f4
30
vulnerability VCID-su8x-6n42-n3d5
31
vulnerability VCID-u24a-2khf-uyba
32
vulnerability VCID-uvht-9bt9-hfbb
33
vulnerability VCID-v3m6-zajw-bfhb
34
vulnerability VCID-xfgd-4hs3-vygk
35
vulnerability VCID-xuyn-pjpb-g7du
36
vulnerability VCID-xxkx-w5pc-5uap
37
vulnerability VCID-zhf4-y8v8-gubn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie
3
url pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
purl pkg:deb/debian/wolfssl@5.5.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.3-1%3Fdistro=trixie
4
url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1u3q-52yd-1bhe
1
vulnerability VCID-24s5-d6jt-4kfe
2
vulnerability VCID-2ry7-trrg-gfdk
3
vulnerability VCID-47nm-nte5-27fm
4
vulnerability VCID-4zda-zrq6-hbc8
5
vulnerability VCID-6v8z-cfax-zqbh
6
vulnerability VCID-7xbp-qkvv-bqgm
7
vulnerability VCID-8735-ectc-j7a3
8
vulnerability VCID-9hdy-aqa2-w3bd
9
vulnerability VCID-9jpj-dfsf-qkce
10
vulnerability VCID-9jw2-3v9v-ruap
11
vulnerability VCID-9kev-ferz-5bhr
12
vulnerability VCID-9x14-2t7m-1kbm
13
vulnerability VCID-cxhw-3w24-dkes
14
vulnerability VCID-dpu2-4w42-kygw
15
vulnerability VCID-euma-vgqx-sbau
16
vulnerability VCID-f57c-kamk-3bct
17
vulnerability VCID-fmtp-x6y7-83g1
18
vulnerability VCID-gcfd-w8je-kqfm
19
vulnerability VCID-gdur-h588-vbb6
20
vulnerability VCID-gmdj-a1ys-tqc2
21
vulnerability VCID-h6na-nxxq-5yg9
22
vulnerability VCID-hk8r-kk4v-1fa7
23
vulnerability VCID-jxf4-y1au-5bhw
24
vulnerability VCID-khur-3ax7-9fhb
25
vulnerability VCID-n64w-nq6a-m7bv
26
vulnerability VCID-njbj-f91t-b7f4
27
vulnerability VCID-su8x-6n42-n3d5
28
vulnerability VCID-u24a-2khf-uyba
29
vulnerability VCID-uvht-9bt9-hfbb
30
vulnerability VCID-v3m6-zajw-bfhb
31
vulnerability VCID-xfgd-4hs3-vygk
32
vulnerability VCID-xuyn-pjpb-g7du
33
vulnerability VCID-xxkx-w5pc-5uap
34
vulnerability VCID-zhf4-y8v8-gubn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie
5
url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ry7-trrg-gfdk
1
vulnerability VCID-4zda-zrq6-hbc8
2
vulnerability VCID-6v8z-cfax-zqbh
3
vulnerability VCID-8735-ectc-j7a3
4
vulnerability VCID-9jpj-dfsf-qkce
5
vulnerability VCID-9jw2-3v9v-ruap
6
vulnerability VCID-9kev-ferz-5bhr
7
vulnerability VCID-9x14-2t7m-1kbm
8
vulnerability VCID-cxhw-3w24-dkes
9
vulnerability VCID-f57c-kamk-3bct
10
vulnerability VCID-fmtp-x6y7-83g1
11
vulnerability VCID-gcfd-w8je-kqfm
12
vulnerability VCID-gdur-h588-vbb6
13
vulnerability VCID-gmdj-a1ys-tqc2
14
vulnerability VCID-h6na-nxxq-5yg9
15
vulnerability VCID-hk8r-kk4v-1fa7
16
vulnerability VCID-jxf4-y1au-5bhw
17
vulnerability VCID-khur-3ax7-9fhb
18
vulnerability VCID-n64w-nq6a-m7bv
19
vulnerability VCID-njbj-f91t-b7f4
20
vulnerability VCID-uvht-9bt9-hfbb
21
vulnerability VCID-v3m6-zajw-bfhb
22
vulnerability VCID-xuyn-pjpb-g7du
23
vulnerability VCID-xxkx-w5pc-5uap
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie
6
url pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie
Affected_packages
0
url pkg:conan/wolfssl@5.3.0
purl pkg:conan/wolfssl@5.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6n4g-us9a-53g4
1
vulnerability VCID-cum2-vp1j-syfc
2
vulnerability VCID-hguq-mr6k-jqd3
3
vulnerability VCID-k32r-azxg-9yh3
4
vulnerability VCID-kksg-tc63-23bm
5
vulnerability VCID-ubye-e3yx-pfbb
6
vulnerability VCID-x4tg-m9be-2yfe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/wolfssl@5.3.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38153
reference_id
reference_type
scores
0
value 0.00568
scoring_system epss
scoring_elements 0.68481
published_at 2026-04-02T12:55:00Z
1
value 0.00568
scoring_system epss
scoring_elements 0.685
published_at 2026-04-04T12:55:00Z
2
value 0.00568
scoring_system epss
scoring_elements 0.68477
published_at 2026-04-07T12:55:00Z
3
value 0.00568
scoring_system epss
scoring_elements 0.68527
published_at 2026-04-13T12:55:00Z
4
value 0.00568
scoring_system epss
scoring_elements 0.68544
published_at 2026-04-09T12:55:00Z
5
value 0.00568
scoring_system epss
scoring_elements 0.68571
published_at 2026-04-11T12:55:00Z
6
value 0.00568
scoring_system epss
scoring_elements 0.68558
published_at 2026-04-12T12:55:00Z
7
value 0.00568
scoring_system epss
scoring_elements 0.68567
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38153
1
reference_url https://github.com/trailofbits/tlspuffin
reference_id
reference_type
scores
url https://github.com/trailofbits/tlspuffin
2
reference_url https://github.com/wolfSSL/wolfssl/pull/5476
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/pull/5476
3
reference_url https://github.com/wolfSSL/wolfssl/releases
reference_id
reference_type
scores
url https://github.com/wolfSSL/wolfssl/releases
4
reference_url https://www.wolfssl.com/docs/security-vulnerabilities/
reference_id
reference_type
scores
url https://www.wolfssl.com/docs/security-vulnerabilities/
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
reference_id 1021021
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38153
reference_id CVE-2022-38153
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-38153
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-k32r-azxg-9yh3