Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/openssl@3.0.19-1~deb12u2
Type deb
Namespace debian
Name openssl
Version 3.0.19-1~deb12u2
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.5.5-1~deb13u2
Latest_non_vulnerable_version 4.0.0~alpha1-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8gde-1md7-5yak
vulnerability_id VCID-8gde-1md7-5yak
summary OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27587
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23308
published_at 2026-04-04T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23265
published_at 2026-04-02T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23244
published_at 2026-04-11T12:55:00Z
3
value 0.00078
scoring_system epss
scoring_elements 0.23223
published_at 2026-04-09T12:55:00Z
4
value 0.00078
scoring_system epss
scoring_elements 0.23172
published_at 2026-04-08T12:55:00Z
5
value 0.00078
scoring_system epss
scoring_elements 0.23098
published_at 2026-04-07T12:55:00Z
6
value 0.00224
scoring_system epss
scoring_elements 0.45102
published_at 2026-04-13T12:55:00Z
7
value 0.00224
scoring_system epss
scoring_elements 0.451
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27587
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/openssl/openssl/issues/24253
reference_id 24253
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T16:16:27Z/
url https://github.com/openssl/openssl/issues/24253
fixed_packages
0
url pkg:deb/debian/openssl@3.0.14-1~deb12u1
purl pkg:deb/debian/openssl@3.0.14-1~deb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.14-1~deb12u1
1
url pkg:deb/debian/openssl@3.0.19-1~deb12u1
purl pkg:deb/debian/openssl@3.0.19-1~deb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.19-1~deb12u1
2
url pkg:deb/debian/openssl@3.0.19-1~deb12u2
purl pkg:deb/debian/openssl@3.0.19-1~deb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.19-1~deb12u2
aliases CVE-2025-27587
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gde-1md7-5yak
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.19-1~deb12u2