Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dpu2-4w42-kygw

Summary Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits.

Aliases

alias	CVE-2024-1544

Fixed_packages

url	pkg:deb/debian/wolfssl@5.7.2-0.1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.7.2-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1

url	pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2

purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6n4g-us9a-53g4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cum2-vp1j-syfc

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f4gq-hqcp-dqe2

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2

url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6n4g-us9a-53g4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cum2-vp1j-syfc

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f4gq-hqcp-dqe2

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-1544

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22835
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22763
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22819
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22857
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22871
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22916
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22708
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22783
published_at	2026-04-08T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.36023
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-1544

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081789
reference_id	1081789
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081789

reference_url

https://github.com/wolfSSL/wolfssl/pull/7020

reference_id

7020

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:14:00Z/

url

https://github.com/wolfSSL/wolfssl/pull/7020

reference_url

https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable

reference_id

v5.7.2-stable

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:14:00Z/

url

https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable

Weaknesses

cwe_id	203
name	Observable Discrepancy
description	The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Exploits

Severity_range_score 4.1 - 4.1

Exploitability 0.5

Weighted_severity 3.7

Risk_score 1.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dpu2-4w42-kygw

Vulnerability Instance