Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/wolfssl@5.5.3-r0?arch=aarch64&distroversion=edge&reponame=community

Type apk

Namespace alpine

Name wolfssl

Version 5.5.3-r0

Qualifiers

arch	aarch64
distroversion	edge
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 5.6.6-r0

Latest_non_vulnerable_version 5.9.1-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-q8qu-pdd6-pqbu

vulnerability_id VCID-q8qu-pdd6-pqbu

summary In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42905

reference_id

reference_type

scores

value	0.04788
scoring_system	epss
scoring_elements	0.89714
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42905

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42905

reference_url

http://seclists.org/fulldisclosure/2023/Jan/11

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

http://seclists.org/fulldisclosure/2023/Jan/11

reference_url

https://github.com/wolfSSL/wolfssl/releases

reference_id

releases

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

https://github.com/wolfSSL/wolfssl/releases

reference_url

https://www.wolfssl.com/docs/security-vulnerabilities/

reference_id

security-vulnerabilities

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

https://www.wolfssl.com/docs/security-vulnerabilities/

reference_url

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable

reference_id

v5.5.2-stable

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable

reference_url

https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

reference_id

wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

reference_url

http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html

reference_id

wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-02T18:39:33Z/

url

http://packetstormsecurity.com/files/170610/wolfSSL-WOLFSSL_CALLBACKS-Heap-Buffer-Over-Read.html

fixed_packages

url	pkg:apk/alpine/wolfssl@5.5.3-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/wolfssl@5.5.3-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.5.3-r0%3Farch=aarch64&distroversion=edge&reponame=community

aliases CVE-2022-42905

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8qu-pdd6-pqbu

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wolfssl@5.5.3-r0%3Farch=aarch64&distroversion=edge&reponame=community

Package Instance