{"url":"http://public2.vulnerablecode.io/api/packages/107503?format=json","purl":"pkg:deb/debian/wolfssl@5.5.4-2.1?distro=trixie","type":"deb","namespace":"debian","name":"wolfssl","version":"5.5.4-2.1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.6.6-1.2","latest_non_vulnerable_version":"5.9.1-0.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151361?format=json","vulnerability_id":"VCID-v1wx-wjcm-zub2","summary":"If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3724","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34421","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3724"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041699","reference_id":"1041699","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041699"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/6412","reference_id":"6412","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-29T15:53:34Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/6412"},{"reference_url":"https://www.wolfssl.com/docs/security-vulnerabilities/","reference_id":"security-vulnerabilities","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-29T15:53:34Z/"}],"url":"https://www.wolfssl.com/docs/security-vulnerabilities/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/107479?format=json","purl":"pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cpy-8cfg-m7by"},{"vulnerability":"VCID-3t6f-4338-2ufb"},{"vulnerability":"VCID-4kqw-4h4n-1kh1"},{"vulnerability":"VCID-5fxd-yhdh-93c3"},{"vulnerability":"VCID-5rh9-apbs-h3h3"},{"vulnerability":"VCID-5t9e-3e1y-x3gq"},{"vulnerability":"VCID-5uj4-cczj-k3br"},{"vulnerability":"VCID-6s5y-9ebe-g3fg"},{"vulnerability":"VCID-8cky-7dxn-q3gn"},{"vulnerability":"VCID-9r5u-7n3h-kuhf"},{"vulnerability":"VCID-ahuu-nu9f-v7h6"},{"vulnerability":"VCID-bcmv-4zxw-p3gz"},{"vulnerability":"VCID-cgfe-yefp-p3hf"},{"vulnerability":"VCID-cwum-6frr-jkcu"},{"vulnerability":"VCID-d53m-u8a8-j3dw"},{"vulnerability":"VCID-dmpm-jrvj-dfe9"},{"vulnerability":"VCID-dvxj-cpr2-dqfq"},{"vulnerability":"VCID-e6n7-fdre-gqbp"},{"vulnerability":"VCID-esbj-656n-qff2"},{"vulnerability":"VCID-fmtg-ud6q-hqdh"},{"vulnerability":"VCID-g2kr-25e3-jff3"},{"vulnerability":"VCID-gcw5-nqf5-c3g3"},{"vulnerability":"VCID-gfcx-vysg-nqde"},{"vulnerability":"VCID-grds-ffsq-dkg8"},{"vulnerability":"VCID-gtqk-pj1r-f7fy"},{"vulnerability":"VCID-j747-p6qq-zff9"},{"vulnerability":"VCID-jvt4-vdz2-53f7"},{"vulnerability":"VCID-jzhy-drxb-xuca"},{"vulnerability":"VCID-ktww-nfwa-s3a1"},{"vulnerability":"VCID-mwtq-ctz8-vygv"},{"vulnerability":"VCID-n1eq-1t8y-8qg6"},{"vulnerability":"VCID-n82v-xc94-gqf2"},{"vulnerability":"VCID-nctg-w5ay-jqaa"},{"vulnerability":"VCID-pjhe-euye-1uck"},{"vulnerability":"VCID-q4qr-d5rm-q3dn"},{"vulnerability":"VCID-qb2p-81us-s7gh"},{"vulnerability":"VCID-rhdd-gnfj-qbcm"},{"vulnerability":"VCID-s7df-gz2p-3kb5"},{"vulnerability":"VCID-ss2x-qr7v-k7cy"},{"vulnerability":"VCID-sur7-4jwh-5bew"},{"vulnerability":"VCID-t1t2-esy1-u7cu"},{"vulnerability":"VCID-t44y-2qrf-3uah"},{"vulnerability":"VCID-tav9-1pth-2qc8"},{"vulnerability":"VCID-tzqp-bbba-skcy"},{"vulnerability":"VCID-u28v-ghu2-57hb"},{"vulnerability":"VCID-uabc-8bk1-f3gj"},{"vulnerability":"VCID-ucxr-u4qd-3qf6"},{"vulnerability":"VCID-urnp-9f8c-gqfb"},{"vulnerability":"VCID-ux6x-sdfm-63d5"},{"vulnerability":"VCID-vn8z-tsnh-1yd3"},{"vulnerability":"VCID-vuu8-zbbs-hqar"},{"vulnerability":"VCID-vw28-tt5y-qkgz"},{"vulnerability":"VCID-w78b-1t7y-6kex"},{"vulnerability":"VCID-wa7e-xast-t3dv"},{"vulnerability":"VCID-wpxx-p3cu-tqhx"},{"vulnerability":"VCID-xc3b-jpen-q3h4"},{"vulnerability":"VCID-z1d5-7eje-nfcp"},{"vulnerability":"VCID-zhqa-43p5-vkfb"},{"vulnerability":"VCID-ztr5-x7m4-d7e6"},{"vulnerability":"VCID-zw7v-pke6-xqcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107502?format=json","purl":"pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107477?format=json","purl":"pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cpy-8cfg-m7by"},{"vulnerability":"VCID-3t6f-4338-2ufb"},{"vulnerability":"VCID-4kqw-4h4n-1kh1"},{"vulnerability":"VCID-5fxd-yhdh-93c3"},{"vulnerability":"VCID-5rh9-apbs-h3h3"},{"vulnerability":"VCID-5t9e-3e1y-x3gq"},{"vulnerability":"VCID-5uj4-cczj-k3br"},{"vulnerability":"VCID-6s5y-9ebe-g3fg"},{"vulnerability":"VCID-8cky-7dxn-q3gn"},{"vulnerability":"VCID-9r5u-7n3h-kuhf"},{"vulnerability":"VCID-ahuu-nu9f-v7h6"},{"vulnerability":"VCID-bcmv-4zxw-p3gz"},{"vulnerability":"VCID-cgfe-yefp-p3hf"},{"vulnerability":"VCID-cwum-6frr-jkcu"},{"vulnerability":"VCID-d53m-u8a8-j3dw"},{"vulnerability":"VCID-dmpm-jrvj-dfe9"},{"vulnerability":"VCID-dvxj-cpr2-dqfq"},{"vulnerability":"VCID-e6n7-fdre-gqbp"},{"vulnerability":"VCID-esbj-656n-qff2"},{"vulnerability":"VCID-fmtg-ud6q-hqdh"},{"vulnerability":"VCID-g2kr-25e3-jff3"},{"vulnerability":"VCID-gcw5-nqf5-c3g3"},{"vulnerability":"VCID-grds-ffsq-dkg8"},{"vulnerability":"VCID-gtqk-pj1r-f7fy"},{"vulnerability":"VCID-j747-p6qq-zff9"},{"vulnerability":"VCID-jvt4-vdz2-53f7"},{"vulnerability":"VCID-jzhy-drxb-xuca"},{"vulnerability":"VCID-ktww-nfwa-s3a1"},{"vulnerability":"VCID-mwtq-ctz8-vygv"},{"vulnerability":"VCID-n1eq-1t8y-8qg6"},{"vulnerability":"VCID-n82v-xc94-gqf2"},{"vulnerability":"VCID-nctg-w5ay-jqaa"},{"vulnerability":"VCID-pjhe-euye-1uck"},{"vulnerability":"VCID-q4qr-d5rm-q3dn"},{"vulnerability":"VCID-qb2p-81us-s7gh"},{"vulnerability":"VCID-rhdd-gnfj-qbcm"},{"vulnerability":"VCID-s7df-gz2p-3kb5"},{"vulnerability":"VCID-ss2x-qr7v-k7cy"},{"vulnerability":"VCID-sur7-4jwh-5bew"},{"vulnerability":"VCID-t1t2-esy1-u7cu"},{"vulnerability":"VCID-t44y-2qrf-3uah"},{"vulnerability":"VCID-tav9-1pth-2qc8"},{"vulnerability":"VCID-tzqp-bbba-skcy"},{"vulnerability":"VCID-u28v-ghu2-57hb"},{"vulnerability":"VCID-uabc-8bk1-f3gj"},{"vulnerability":"VCID-ucxr-u4qd-3qf6"},{"vulnerability":"VCID-urnp-9f8c-gqfb"},{"vulnerability":"VCID-ux6x-sdfm-63d5"},{"vulnerability":"VCID-vn8z-tsnh-1yd3"},{"vulnerability":"VCID-vw28-tt5y-qkgz"},{"vulnerability":"VCID-wa7e-xast-t3dv"},{"vulnerability":"VCID-wpxx-p3cu-tqhx"},{"vulnerability":"VCID-xc3b-jpen-q3h4"},{"vulnerability":"VCID-z1d5-7eje-nfcp"},{"vulnerability":"VCID-zhqa-43p5-vkfb"},{"vulnerability":"VCID-ztr5-x7m4-d7e6"},{"vulnerability":"VCID-zw7v-pke6-xqcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107503?format=json","purl":"pkg:deb/debian/wolfssl@5.5.4-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107481?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cpy-8cfg-m7by"},{"vulnerability":"VCID-3t6f-4338-2ufb"},{"vulnerability":"VCID-4kqw-4h4n-1kh1"},{"vulnerability":"VCID-5fxd-yhdh-93c3"},{"vulnerability":"VCID-5t9e-3e1y-x3gq"},{"vulnerability":"VCID-5uj4-cczj-k3br"},{"vulnerability":"VCID-6s5y-9ebe-g3fg"},{"vulnerability":"VCID-8cky-7dxn-q3gn"},{"vulnerability":"VCID-9r5u-7n3h-kuhf"},{"vulnerability":"VCID-ahuu-nu9f-v7h6"},{"vulnerability":"VCID-bcmv-4zxw-p3gz"},{"vulnerability":"VCID-cgfe-yefp-p3hf"},{"vulnerability":"VCID-cwum-6frr-jkcu"},{"vulnerability":"VCID-d53m-u8a8-j3dw"},{"vulnerability":"VCID-dmpm-jrvj-dfe9"},{"vulnerability":"VCID-e6n7-fdre-gqbp"},{"vulnerability":"VCID-esbj-656n-qff2"},{"vulnerability":"VCID-g2kr-25e3-jff3"},{"vulnerability":"VCID-j747-p6qq-zff9"},{"vulnerability":"VCID-jzhy-drxb-xuca"},{"vulnerability":"VCID-ktww-nfwa-s3a1"},{"vulnerability":"VCID-mwtq-ctz8-vygv"},{"vulnerability":"VCID-n82v-xc94-gqf2"},{"vulnerability":"VCID-nctg-w5ay-jqaa"},{"vulnerability":"VCID-pjhe-euye-1uck"},{"vulnerability":"VCID-q4qr-d5rm-q3dn"},{"vulnerability":"VCID-qb2p-81us-s7gh"},{"vulnerability":"VCID-rhdd-gnfj-qbcm"},{"vulnerability":"VCID-s7df-gz2p-3kb5"},{"vulnerability":"VCID-ss2x-qr7v-k7cy"},{"vulnerability":"VCID-sur7-4jwh-5bew"},{"vulnerability":"VCID-t1t2-esy1-u7cu"},{"vulnerability":"VCID-t44y-2qrf-3uah"},{"vulnerability":"VCID-tav9-1pth-2qc8"},{"vulnerability":"VCID-tzqp-bbba-skcy"},{"vulnerability":"VCID-uabc-8bk1-f3gj"},{"vulnerability":"VCID-ucxr-u4qd-3qf6"},{"vulnerability":"VCID-urnp-9f8c-gqfb"},{"vulnerability":"VCID-ux6x-sdfm-63d5"},{"vulnerability":"VCID-vn8z-tsnh-1yd3"},{"vulnerability":"VCID-vw28-tt5y-qkgz"},{"vulnerability":"VCID-wa7e-xast-t3dv"},{"vulnerability":"VCID-xc3b-jpen-q3h4"},{"vulnerability":"VCID-z1d5-7eje-nfcp"},{"vulnerability":"VCID-zhqa-43p5-vkfb"},{"vulnerability":"VCID-zw7v-pke6-xqcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107480?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie"}],"aliases":["CVE-2023-3724"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1wx-wjcm-zub2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2.1%3Fdistro=trixie"}