{"url":"http://public2.vulnerablecode.io/api/packages/994671?format=json","purl":"pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2","type":"deb","namespace":"debian","name":"wolfssl","version":"4.6.0+p1-0+deb11u2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.9.1-0.1","latest_non_vulnerable_version":"5.9.1-0.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351108?format=json","vulnerability_id":"VCID-15fz-hhc7-kyaa","summary":"wolfSSL: wolfSSL: Reduced security of ECDSA authentication via missing digest size checks","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5194.json","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5194.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5194","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08261","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10383","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10445","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10405","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10434","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12083","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1206","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12028","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scori
ng_elements":"0.11931","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5194"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10131","reference_id":"10131","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:L/SA:L/U:Red"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T18:05:44Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10131"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457041","reference_id":"2457041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457041"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5194"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15fz-hhc7-kyaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96335?format=json","vulnerability_id":"VCID-1u3q-52yd-1bhe","summary":"In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. 
Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirement that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. This issue affects wolfSSL: through 5.7.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5991","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29105","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29284","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29172","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29577","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29626","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29448","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.2951","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.2955","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29552","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29507","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29455","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29474","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29446","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.294",
"published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5991"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081788","reference_id":"1081788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081788"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VC
ID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2024-5991"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1u3q-52yd-1bhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351421?format=json","vulnerability_id":"VCID-24mg-wn6a-6bew","summary":"Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. 
This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5393","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09455","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09482","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09438","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12948","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13083","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13052","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12989","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12992","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1309","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5393"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5393","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5393"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10079","reference_id":"10079","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:02:50Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10079"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835",
"reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5393"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24mg-wn6a-6bew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95892?format=json","vulnerability_id":"VCID-24s5-d6jt-4kfe","summary":"In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6936","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50733","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50822","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50769","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50761","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50786","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50743","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50799","published_at":"2026-04-13T12:55:00Z"},{"valu
e":"0.00274","scoring_system":"epss","scoring_elements":"0.50795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50838","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50814","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50837","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50843","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6936"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6936","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6936"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357","reference_id":"1059357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/6949/","reference_id":"6949","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T14:22:41Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/6949/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1
-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2023-6936"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24s5-d6jt-4kfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97095?format=json","vulnerability_id":"VCID-2ry7-trrg-gfdk","summary":"Out-of-bounds read in ALPN parsing due to incomplete validation. 
wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3547","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14329","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14336","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14244","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14188","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14078","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14077","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14393","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.142","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14282","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15611","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15554","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1557","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-202
6-3547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3547"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9859","reference_id":"9859","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-21T03:33:12Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9859"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-3547"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ry7-trrg-gfdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351420?format=json","vulnerability_id":"VCID-3gve-u4f4-bkht","summary":"Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. 
The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData().","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5392","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02492","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02502","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0249","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04053","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04002","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04008","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03859","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03869","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0399","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5392"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5392","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5392"},{"reference_url":"https://github.com/wolfssl/wolfssl/pull/10039","reference_id":"10039","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:08:38Z/"}],"url":"https://github.com/wolfssl/wolfssl/pull/10039"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1
133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5392"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gve-u4f4-bkht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95932?format=json","vulnerability_id":"VCID-47nm-nte5-27fm","summary":"Fault Injection vulnerability in the RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows a remote attacker who co-resides on the same system as a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey 
structure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1545","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45932","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46083","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4608","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45981","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45991","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46003","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46024","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.45972","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46027","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46048","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4602","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46028","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1545"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/7167","reference_id":"7167","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"
ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:19:14Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/7167"},{"reference_url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable","reference_id":"v5.7.0-stable","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:19:14Z/"}],"url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"V
CID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2024-1545"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47nm-nte5-27fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97098?format=json","vulnerability_id":"VCID-4zda-zrq6-hbc8","summary":"wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. 
This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3579","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01511","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01503","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01496","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08663","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08687","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08618","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0865","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08539","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08527","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08686","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08669","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08589","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3579"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3579","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3579"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9855","reference_id":"9855","reference_type":"","scores":[{"value":
"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T01:36:44Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9855"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-3579"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zda-zrq6-hbc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351433?format=json","vulnerability_id":"VCID-4zyq-af27-yqa4","summary":"A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active.  
If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5772","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12744","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12782","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14298","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14379","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14353","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14282","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14351","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5772"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10119","reference_id":"10119","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:52:51Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10119"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"http
s://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5772"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zyq-af27-yqa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95239?format=json","vulnerability_id":"VCID-6n4g-us9a-53g4","summary":"An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. 
It is not part of wolfSSL's native API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38152","reference_id":"","reference_type":"","scores":[{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85849","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85867","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85871","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85889","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85899","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85914","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85911","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85906","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85924","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85928","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85919","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.8594","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02711","scoring_system":"epss","scoring_elements":"0.85949","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38152"},{"reference_url":"https://github.com/tlspuffin/tlspuffin","reference_id":"","reference_type":"","scores":[],"url":"h
ttps://github.com/tlspuffin/tlspuffin"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/5468","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/wolfSSL/wolfssl/pull/5468"},{"reference_url":"https://github.com/wolfSSL/wolfssl/releases","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/wolfSSL/wolfssl/releases"},{"reference_url":"https://www.wolfssl.com/docs/security-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"https://www.wolfssl.com/docs/security-vulnerabilities/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021","reference_id":"1021021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021021"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38152","reference_id":"CVE-2022-38152","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38152"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994672?format=json","purl":"pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-1u3q-52yd-1bhe"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-24s5-d6jt-4kfe"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-47nm-nte5-27fm"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-7xbp-qkvv-bqgm"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9hdy-aqa2-w3bd"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerabilit
y":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-dpu2-4w42-kygw"},{"vulnerability":"VCID-euma-vgqx-sbau"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-su8x-6n42-n3d5"},{"vulnerability":"VCID-u24a-2khf-uyba"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xfgd-4hs3-vygk"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"},{"vulnerability":"VCID-zhf4-y8v8-gubn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2"}],"aliases":["CVE-2022-38152"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6n4g-us9a-53g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97034?format=json","vulnerability_id":"VCID-6v8z-cfax-zqbh","summary":"In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. 
The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2645","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08165","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08157","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08138","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08122","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08028","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08014","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0813","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08081","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08143","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09513","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09541","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09588","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_eleme
nts":"0.09554","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2645"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9694","reference_id":"9694","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:45:34Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-2645"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6v8z-cfax-zqbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351416?format=json","vulnerability_id":"VCID-75y2-h9uk-n3a6","summary":"An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. 
A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5188","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07843","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07856","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0783","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10653","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10728","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10708","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10634","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1065","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10774","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5188"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5188","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5188"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10024","reference_id":"10024","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","sc
oring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:41:44Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10024"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5188"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75y2-h9uk-n3a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95930?format=json","vulnerability_id":"VCID-7xbp-qkvv-bqgm","summary":"The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. 
For details on the attack refer to:  https://doi.org/10.46586/tches.v2024.i1.457-500","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1543","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12212","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12359","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12324","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12455","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12499","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12383","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12434","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1244","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12262","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12261","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12365","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bi
n/cvename.cgi?name=CVE-2024-1543"},{"reference_url":"https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023","reference_id":"ChangeLog.md#wolfssl-release-566-dec-19-2023","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:19:28Z/"}],"url":"https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-
5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2024-1543"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xbp-qkvv-bqgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96470?format=json","vulnerability_id":"VCID-8735-ectc-j7a3","summary":"With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the 
CertificateRequest.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12889","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03704","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03657","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03556","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0357","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03581","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03583","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03605","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03562","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03533","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03507","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03483","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03494","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03648","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03654","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12889"},{"reference_url":"https:/
/bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121205","reference_id":"1121205","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121205"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9395","reference_id":"9395","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:15:50Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9395"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2025-12889"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8735-ectc-j7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96332?format=json","vulnerability_id":"VCID-9hdy-aqa2-w3bd","summary":"A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello.  
https://doi.org/10.46586/tches.v2024.i1.457-500","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5814","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44273","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44351","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44355","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44455","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44476","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44412","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44463","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4447","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44486","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44454","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4451","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44502","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44432","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5814"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081791","reference_id":"1081791","reference_
type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081791"},{"reference_url":"https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later","reference_id":"ChangeLog.md#add_later","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/V:D/RE:M/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:18:34Z/"}],"url":"https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulne
rability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2024-5814"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hdy-aqa2-w3bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351432?format=json","vulnerability_id":"VCID-9jb1-k32z-w7gw","summary":"When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. 
Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5507","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03696","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03718","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0367","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05945","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05713","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05935","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05723","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05868","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5507"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10088","reference_id":"10088","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:38:30Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10088"},{"reference_url":"https://bugs.debian.org/cgi
-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5507"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jb1-k32z-w7gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96986?format=json","vulnerability_id":"VCID-9jpj-dfsf-qkce","summary":"Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing heap buffer overflow and a crash. 
An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1005","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.1991","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19906","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19928","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23922","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23968","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23985","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23941","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24035","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24073","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23856","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26886","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26837","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26829","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26764","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mi
tre.org/cgi-bin/cvename.cgi?name=CVE-2026-1005"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9571","reference_id":"9571","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:19:54Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9571"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-1005"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jpj-dfsf-qkce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97093?format=json","vulnerability_id":"VCID-9jw2-3v9v-ruap","summary":"Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion.     
This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3503","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06492","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06607","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06599","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0659","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06516","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06523","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0653","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0652","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0657","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06614","published_at":"2026-04-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00799","published_at":"2026-04-21T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00801","published_at":"2026-04-26T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00797","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3503"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9734","reference_
id":"9734","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T19:24:29Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-3503"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jw2-3v9v-ruap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96480?format=json","vulnerability_id":"VCID-9kev-ferz-5bhr","summary":"Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel 
attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13912","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05271","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05169","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05239","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05197","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05219","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05252","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06989","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07022","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07025","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06919","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06903","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07039","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13912"},{"reference_url":"https://github.com/wolf
SSL/wolfssl/pull/9148","reference_id":"9148","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-11T19:19:06Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2025-13912"],"risk_score":0.5,"exploitability":"0.5","weighted_severity":"0.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kev-ferz-5bhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97097?format=json","vulnerability_id":"VCID-9x14-2t7m-1kbm","summary":"Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. 
Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3549","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07272","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07244","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07306","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07265","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20873","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20889","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20959","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20793","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20783","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20776","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20845","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21017","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20734","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20812","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2026-3549"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9817","reference_id":"9817","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T01:37:47Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9817"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-3549"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9x14-2t7m-1kbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351431?format=json","vulnerability_id":"VCID-bfap-h1d9-33dj","summary":"A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. 
In previous versions of wolfSSL the interior padding bytes are not validated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5504","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05034","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05052","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06933","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06846","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0696","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06965","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06828","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06973","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5504"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10088","reference_id":"10088","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:33:56Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10088"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","re
ference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5504"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bfap-h1d9-33dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95185?format=json","vulnerability_id":"VCID-cum2-vp1j-syfc","summary":"wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34293","reference_id":"","reference_type":"","scores":[{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76437","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76466","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76448","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.7648","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76494","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.7652","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76499","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76493","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76533","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00962","scoring_system"
:"epss","scoring_elements":"0.76537","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76526","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76564","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76578","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34293"},{"reference_url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/08/08/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/08/08/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016981","reference_id":"1016981","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016981"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34293","reference_id":"CVE-2022-34293","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34293"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994672?format=json","purl":"pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-1u3q-52yd-1bhe"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-24s5-d6jt-4kfe"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"
},{"vulnerability":"VCID-47nm-nte5-27fm"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-7xbp-qkvv-bqgm"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9hdy-aqa2-w3bd"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-dpu2-4w42-kygw"},{"vulnerability":"VCID-euma-vgqx-sbau"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-su8x-6n42-n3d5"},{"vulnerability":"VCID-u24a-2khf-uyba"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xfgd-4hs3-vygk"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"
},{"vulnerability":"VCID-zhf4-y8v8-gubn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2"}],"aliases":["CVE-2022-34293"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cum2-vp1j-syfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351434?format=json","vulnerability_id":"VCID-cv4y-g4un-ckd4","summary":"Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing a large out-of-bounds read and crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5778","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18817","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18865","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1882","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1888","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18861","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1897","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18982","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00061","scoring_sys
tem":"epss","scoring_elements":"0.18988","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5778"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10125","reference_id":"10125","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:53:21Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10125"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5778"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cv4y-g4un-ckd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96451?format=json","vulnerability_id":"VCID-cxhw-3w24-dkes","summary":"The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK 
binder","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11932","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02318","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02271","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02302","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02279","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.025","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02473","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02479","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0249","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02499","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02523","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11932"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121197","reference_id":"1121197","reference_type":"","scores":[],"url":"https://bu
gs.debian.org/cgi-bin/bugreport.cgi?bug=1121197"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9223","reference_id":"9223","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:17:20Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9223"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2025-11932"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cxhw-3w24-dkes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95931?format=json","vulnerability_id":"VCID-dpu2-4w42-kygw","summary":"Generating the ECDSA nonce k samples a random number r and then  truncates this randomness with a modular reduction mod n where n is the  order of the elliptic curve. Meaning k = r mod n. The division used  during the reduction estimates a factor q_e by dividing the upper two  digits (a digit having e.g. a size of 8 byte) of r by the upper digit of  n and then decrements q_e in a loop until it has the correct size.  
Observing the number of times q_e is decremented through a control-flow  revealing side-channel reveals a bias in the most significant bits of  k. Depending on the curve this is either a negligible bias or a  significant bias large enough to reconstruct k with lattice reduction  methods. For SECP160R1, e.g., we find a bias of 15 bits.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1544","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22835","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22763","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22819","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22857","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22871","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22708","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22783","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35609","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36008","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35958","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35729","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35697","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36023","published_at
":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081789","reference_id":"1081789","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081789"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/7020","reference_id":"7020","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:14:00Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/7020"},{"reference_url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable","reference_id":"v5.7.2-stable","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:14:00Z/"}],"url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-
3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2024-1544"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpu2-4w42-kygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96049?format=json","vulnerability_id":"VCID-euma-vgqx-sbau","summary":"Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows a remote attacker who co-resides on the same system as a victim 
process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2881","reference_id":"","reference_type":"","scores":[{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61477","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61482","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61402","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.6143","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.614","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61446","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61462","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61484","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.6147","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61452","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61491","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61495","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61479","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2881","reference_id":"","reference_type":"","scores":[],"url":
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2881"},{"reference_url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable","reference_id":"v5.7.0-stable","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:18:26Z/"}],"url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability
":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2024-2881"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-euma-vgqx-sbau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96935?format=json","vulnerability_id":"VCID-f4gq-hqcp-dqe2","summary":"In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. 
Thanks to Per Allansson from Appgate for the report.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7394","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21509","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21536","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21644","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21398","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21477","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21547","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23006","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23209","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23016","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23009","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2322","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23236","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23229","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7394"},{"
reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109549","reference_id":"1109549","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109549"},{"reference_url":"https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025","reference_id":"ChangeLog.md#wolfssl-release-582-july-17-2025","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-21T15:00:11Z/"}],"url":"https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994672?format=json","purl":"pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-1u3q-52yd-1bhe"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-24s5-d6jt-4kfe"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-47nm-nte5-27fm"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-7xbp-qkvv-bqgm"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9hdy-aqa2-w3bd"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulner
ability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-dpu2-4w42-kygw"},{"vulnerability":"VCID-euma-vgqx-sbau"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-su8x-6n42-n3d5"},{"vulnerability":"VCID-u24a-2khf-uyba"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xfgd-4hs3-vygk"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"},{"vulnerability":"VCID-zhf4-y8v8-gubn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2"}],"aliases":["CVE-2025-7394"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f4gq-hqcp-dqe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97112?format=json","vulnerability_id":"VCID-f57c-kamk-3bct","summary":"1-byte OOB heap read in 
wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4159","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04883","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04979","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04961","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04942","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04873","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0488","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04908","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04927","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04963","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05684","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05606","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0564","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05676","published_at":"2026-04-2
6T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4159"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9945","reference_id":"9945","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:28:57Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9945"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-4159"],"risk_score":0.6,"exploitability":"0.5","weighted_severity":"1.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f57c-kamk-3bct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351415?format=json","vulnerability_id":"VCID-f5kd-yqz2-nkcb","summary":"Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. 
First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass sizeof(decOid) (64 bytes on 64-bit platforms) instead of the element count MAX_OID_SZ (32), causing the function to accept crafted OIDs with 33 or more arcs that write past the end of the allocated buffer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5187","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12744","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12782","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14558","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14282","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14621","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14618","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14526","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1459","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5187"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835
"},{"reference_url":"https://github.com/wolfSSL/wolfssl","reference_id":"wolfssl","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:03:11Z/"}],"url":"https://github.com/wolfSSL/wolfssl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5187"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5kd-yqz2-nkcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97096?format=json","vulnerability_id":"VCID-fmtp-x6y7-83g1","summary":"Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. 
Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3548","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05441","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05475","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05479","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05516","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05537","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05511","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05498","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05491","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0545","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06138","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0617","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3548"},{"reference_url":"https://github.com/w
olfSSL/wolfssl/pull/9628/","reference_id":"9628","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-19T18:00:17Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9628/"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9873/","reference_id":"9873","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-19T18:00:17Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9873/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-3548"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmtp-x6y7-83g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351426?format=json","vulnerability_id":"VCID-g5u9-khw6-4kgn","summary":"An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. 
The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-zeros and the XOR is a no-op). However, totalSz is word32 and wraps to zero after 2^28 block flushes (4 GiB), causing the guard to erroneously discard the live CBC-MAC chain state. Any two messages sharing a common suffix beyond the 4 GiB mark then produce identical CMAC tags, enabling a zero-work prefix-substitution forgery. The fix removes the guard, making the XOR unconditional; the no-op property on the first block is preserved because digest is zero-initialized by wc_InitCmac_ex.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5477","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10327","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1292","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12885","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12839","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17377","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17335","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17343","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17283","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1726","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV
E-2026-5477"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10102","reference_id":"10102","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:03:53Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10102"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5477"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g5u9-khw6-4kgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96454?format=json","vulnerability_id":"VCID-gcfd-w8je-kqfm","summary":"With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share extension. 
The re-use of an authenticated PSK connection that, on the client's side, unexpectedly did not have PFS reduces the security of the connection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11935","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01334","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01326","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01333","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01337","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01399","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01404","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01409","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01414","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01415","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01402","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01407","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11935"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11935","reference_id":"","refe
rence_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11935"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121200","reference_id":"1121200","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121200"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9112","reference_id":"9112","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:43:57Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9112"},{"reference_url":"https://github.com/wolfSSL/wolfssl","reference_id":"wolfssl","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:43:57Z/"}],"url":"https://github.com/wolfSSL/wolfssl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2025-11935"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerabl
ecode.io/vulnerabilities/VCID-gcfd-w8je-kqfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96453?format=json","vulnerability_id":"VCID-gdur-h588-vbb6","summary":"Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256, if the client supports ECDSA P256.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11934","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0324","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03194","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03199","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03193","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03101","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03102","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03107","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03131","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03094","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0307","published_at":"2026-04-12T12:55:00Z"},{"value":"
0.00015","scoring_system":"epss","scoring_elements":"0.03058","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03034","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03043","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11934"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121199","reference_id":"1121199","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121199"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9113","reference_id":"9113","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:22:47Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9113"},{"reference_url":"https://github.com/wolfSSL/wolfssl","reference_id":"wolfssl","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:22:47Z/"}],"url":"https://github.com/wolfSSL/wolfssl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"re
source_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2025-11934"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdur-h588-vbb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97101?format=json","vulnerability_id":"VCID-gmdj-a1ys-tqc2","summary":"Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. 
Note that ECH is off by default, and is only enabled with enable-ech.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3849","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41985","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42022","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41984","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.4197","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42019","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41993","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42012","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41938","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41989","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44071","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44233","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44151","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44155","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3849"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3849","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?nam
e=CVE-2026-3849"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9737","reference_id":"9737","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/V:D/RE:M/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:21:05Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-3849"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmdj-a1ys-tqc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351428?format=json","vulnerability_id":"VCID-gtdh-mytb-t3fh","summary":"wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. 
A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5500","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25942","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.3287","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32831","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32806","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34363","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34418","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34405","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33992","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33972","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5500"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10102","reference_id":"10102","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:42:21Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10102"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport
.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5500"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gtdh-mytb-t3fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96982?format=json","vulnerability_id":"VCID-h6na-nxxq-5yg9","summary":"A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSL_SMALL_STACK builds, this becomes heap corruption. 
Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wc_PKCS7_EncodeSignedData() or related signing functions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0819","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05879","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05981","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05962","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05953","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05944","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05908","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05919","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05912","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05904","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05942","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06627","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06602","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06616","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06632","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-202
6-0819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0819"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9630","reference_id":"9630","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-19T17:19:26Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9630"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-0819"],"risk_score":1.0,"exploitability":"0.5","weighted_severity":"2.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6na-nxxq-5yg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351425?format=json","vulnerability_id":"VCID-hdbf-118z-2yec","summary":"wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. 
A crafted forged signature could verify against any message for any identity, using only publicly-known constants.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5466","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01442","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01449","published_at":"2026-04-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00829","published_at":"2026-04-26T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00825","published_at":"2026-04-29T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00828","published_at":"2026-04-24T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00777","published_at":"2026-04-16T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00781","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5466"},{"reference_url":"https://github.com/wolfssl/wolfssl/pull/10102","reference_id":"10102","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T13:43:28Z/"}],"url":"https://github.com/wolfssl/wolfssl/pull/10102"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","pur
l":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5466"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdbf-118z-2yec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96469?format=json","vulnerability_id":"VCID-hk8r-kk4v-1fa7","summary":"Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of X25519, which is now turned on as the default for Xtensa.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12888","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01922","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01954","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01932","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01926","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04881","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04859","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04786","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04815","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04763","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0
0018","scoring_system":"epss","scoring_elements":"0.04772","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04836","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04809","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04826","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04864","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12888"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12888"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121204","reference_id":"1121204","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121204"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2025-12888"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hk8r-kk4v-1fa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3
51427?format=json","vulnerability_id":"VCID-jc3b-m4ud-n7fw","summary":"In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5479","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00507","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0051","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00509","published_at":"2026-04-13T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00777","published_at":"2026-04-29T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00779","published_at":"2026-04-24T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0078","published_at":"2026-04-26T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00731","published_at":"2026-04-16T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00735","published_at":"2026-04-18T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00778","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5479"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5479","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5479"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10102","reference_id":"10102","reference_type":"","scores":[{"value":"7.6","scoring_system":"c
vssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T13:43:58Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10102"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5479"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc3b-m4ud-n7fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351424?format=json","vulnerability_id":"VCID-jvnf-vh29-ufdh","summary":"A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the inner function TLSX_KeyShare_ProcessPqcClient_ex() frees a KyberKey object upon encountering an error. 
The caller then invokes TLSX_KeyShare_FreeAll(), which attempts to call ForceZero() on the already-freed KyberKey, resulting in writes of zero bytes over freed heap memory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5460","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12885","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1292","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12839","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.172","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17283","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1726","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17335","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17343","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17377","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5460"},{"reference_url":"https://github.com/wolfssl/wolfssl/pull/10092","reference_id":"10092","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:51:11Z/"}],"url":"https://github.com/wolfssl/wolfssl/pull/10092"},{"reference_u
rl":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5460"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvnf-vh29-ufdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97114?format=json","vulnerability_id":"VCID-jxf4-y1au-5bhw","summary":"Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. 
This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4395","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32057","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32003","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31962","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31928","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31961","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32097","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31919","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31971","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.3331","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33779","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33411","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33392","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4395"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4395","reference_id":"","reference_type":"","scores":[],"url":"h
ttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4395"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9988","reference_id":"9988","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:L/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:09:25Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9988"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-4395"],"risk_score":0.6,"exploitability":"0.5","weighted_severity":"1.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxf4-y1au-5bhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96450?format=json","vulnerability_id":"VCID-khur-3ax7-9fhb","summary":"Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. 
This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11931","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05834","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05825","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0556","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05594","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05658","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05631","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05622","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05616","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05568","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05582","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05757","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05789","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025
-11931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11931"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121196","reference_id":"1121196","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121196"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9223","reference_id":"9223","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T15:41:59Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9223"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2025-11931"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khur-3ax7-9fhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97099?format=json","vulnerability_id":"VCID-n64w-nq6a-m7bv","summary":"In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. 
This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3580","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02074","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02072","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02057","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02053","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02029","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02043","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0208","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02075","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02077","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02094","published_at":"2026-04-09T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00288","published_at":"2026-04-24T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00286","published_at":"2026-04-26T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00281","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3580","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3580"}
,{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9855","reference_id":"9855","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T20:25:11Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9855"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-3580"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n64w-nq6a-m7bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351430?format=json","vulnerability_id":"VCID-n6uz-fe7m-uqhk","summary":"In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. 
The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocation boundary.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5503","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12885","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1292","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12839","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14997","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17377","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17335","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17343","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17283","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1726","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5503"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10102","reference_id":"10102","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:58:43Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10102"},{"reference_url":"https://bugs.debia
n.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5503"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6uz-fe7m-uqhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96452?format=json","vulnerability_id":"VCID-njbj-f91t-b7f4","summary":"Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS 
extensions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11933","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16335","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16337","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16445","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16291","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17626","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17708","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17598","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17545","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1749","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17499","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17644","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17755","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17566","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11933"},{"reference_url":"https://bugs.de
bian.org/cgi-bin/bugreport.cgi?bug=1121198","reference_id":"1121198","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121198"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9132","reference_id":"9132","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:20:56Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9132"},{"reference_url":"https://github.com/wolfSSL/wolfssl","reference_id":"wolfssl","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:20:56Z/"}],"url":"https://github.com/wolfSSL/wolfssl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2025-11933"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njbj-f91t-b7f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351418?format=json","vu
lnerability_id":"VCID-nqhj-d7uw-43hd","summary":"Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5264","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40079","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40116","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40059","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47323","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47367","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47376","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47429","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.4738","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5264"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5264","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5264"},{"reference_url":"https://github.com/wolfssl/wolfssl/pull/10076","reference_id":"10076","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-10T13:55:34Z/"}],"url":"https://github.com/wolfssl/wo
lfssl/pull/10076"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5264"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqhj-d7uw-43hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351419?format=json","vulnerability_id":"VCID-srmp-3tvp-9uhv","summary":"A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo (ORI) recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer (oriOID[MAX_OID_SZ]) via XMEMCPY without first validating that the parsed OID length does not exceed MAX_OID_SZ. A crafted CMS EnvelopedData message with an ORI recipient containing an OID longer than 32 bytes triggers a stack buffer overflow. 
Exploitation requires the library to be built with --enable-pkcs7 (disabled by default) and the application to have registered an ORI decrypt callback via wc_PKCS7_SetOriDecryptCb().","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5295","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03765","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03785","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03738","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05408","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05173","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05367","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0541","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05178","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05332","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5295"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10116","reference_id":"10116","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:32:50Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10116"},{"refe
rence_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5295"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-srmp-3tvp-9uhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95914?format=json","vulnerability_id":"VCID-su8x-6n42-n3d5","summary":"Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0901","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46184","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46178","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46206","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.4616","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.4618","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46128","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53761","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0
0305","scoring_system":"epss","scoring_elements":"0.53831","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53835","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53815","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53782","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53794","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0901"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067799","reference_id":"1067799","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067799"},{"reference_url":"https://github.com/wolfSSL/wolfssl/issues/7089","reference_id":"7089","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T18:38:31Z/"}],"url":"https://github.com/wolfSSL/wolfssl/issues/7089"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/7099","reference_id":"7099","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T18:38:31Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/7099"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabi
lities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2024-0901"],"risk_score":3.4
,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-su8x-6n42-n3d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95893?format=json","vulnerability_id":"VCID-u24a-2khf-uyba","summary":"wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6937","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63303","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63272","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63305","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63219","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63214","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63265","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00442","scorin
g_system":"epss","scoring_elements":"0.63283","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.633","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63284","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63285","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63293","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6937"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6937","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6937"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357","reference_id":"1059357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/7029","reference_id":"7029","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:13:21Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/7029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerabi
lity":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2023-6937"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u24a-2khf-uyba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351107?format=json","vulnerability_id":"VCID-u55w-unmd-97cm","summary":"wolfSSL: wolfSSL: Heap buffer overflow via AuthorityKeyIdentifier size 
confusion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5447.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5447","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09455","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09482","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09438","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12948","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13083","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13052","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12989","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12992","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1309","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5447"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10112","reference_id":"10112","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","
scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:07:18Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457074","reference_id":"2457074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457074"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5447"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u55w-unmd-97cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351423?format=json","vulnerability_id":"VCID-udcq-enxt-wyf1","summary":"X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. 
This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5448","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02806","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02825","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02801","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0447","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04408","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04429","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04253","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04263","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04389","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5448"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10071","reference_id":"10071","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:51:49Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10071"},{"reference_url":"https:/
/bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5448"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-udcq-enxt-wyf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351429?format=json","vulnerability_id":"VCID-ugd8-9xzt-xbdz","summary":"wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. 
The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5501","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05567","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06106","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06101","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06093","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07058","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06956","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0694","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07073","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07062","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5501"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10102","reference_id":"10102","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-10T13:42:50Z/"},{"value
":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T03:55:48Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10102"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5501"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugd8-9xzt-xbdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97068?format=json","vulnerability_id":"VCID-uvht-9bt9-hfbb","summary":"Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. 
This issue does not affect the client's authentication of the server during TLS handshakes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3230","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1932","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19372","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19088","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19168","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19221","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19227","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1918","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20023","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20018","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20036","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21351","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21329","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.215","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21353","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3230"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3230","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-b
in/cvename.cgi?name=CVE-2026-3230"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9754","reference_id":"9754","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/R:A/V:D/U:Clear"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:08:54Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9754"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-3230"],"risk_score":0.6,"exploitability":"0.5","weighted_severity":"1.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvht-9bt9-hfbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97067?format=json","vulnerability_id":"VCID-v3m6-zajw-bfhb","summary":"An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these API: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. 
These API are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-haproxy. This issue is not remotely exploitable, and would require that the application context loading certificates is compromised.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3229","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02107","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02084","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02064","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02039","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02052","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02094","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02088","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0308","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03049","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03047","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03035","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.o
rg/data/v1/epss?cve=CVE-2026-3229"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3229","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3229"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9827","reference_id":"9827","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:29:39Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9827"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-3229"],"risk_score":0.6,"exploitability":"0.5","weighted_severity":"1.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3m6-zajw-bfhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351422?format=json","vulnerability_id":"VCID-vugd-2jfz-23b5","summary":"In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. 
This reuse occurs because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This vulnerability affects wolfSSL builds configured with --enable-aria and the proprietary MagicCrypto SDK (a non-default, opt-in configuration required for Korean regulatory deployments). AES-GCM is not affected because wc_AesGcmEncrypt_ex maintains an internal invocation counter independently of the call-site guard.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5446","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12744","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12782","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14298","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14379","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14353","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14282","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14351","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5446"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10111","reference_id":"10111","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","
scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:11:44Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5446"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vugd-2jfz-23b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351417?format=json","vulnerability_id":"VCID-x3uy-7crx-2kae","summary":"URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. 
A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5263","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05484","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05497","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05477","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07457","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.075","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07489","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07422","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07411","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0754","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5263"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5263","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5263"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/10048","reference_id":"10048","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:08:58Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/10048"},{"reference_u
rl":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835","reference_id":"1133835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-5263"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x3uy-7crx-2kae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96263?format=json","vulnerability_id":"VCID-xfgd-4hs3-vygk","summary":"An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,  such as in server-side TLS connections, the connection is halted if any fault occurs. 
The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5288","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25049","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25036","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25289","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2533","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25107","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25176","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25221","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25235","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25193","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2514","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2515","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25108","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5288"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5288","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5288"},{"reference_url":"https://bugs.debi
an.org/cgi-bin/bugreport.cgi?bug=1081790","reference_id":"1081790","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081790"},{"reference_url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable","reference_id":"v5.7.2-stable","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:22:54Z/"}],"url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-
ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2024-5288"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xfgd-4hs3-vygk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97035?format=json","vulnerability_id":"VCID-xuyn-pjpb-g7du","summary":"A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. 
Internal sessions were not vulnerable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2646","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02167","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02172","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02168","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02189","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02166","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02151","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02148","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02123","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02135","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03241","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03195","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03201","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03194","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2646"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9748","reference_id":"9748","reference_type":"","scores":[{"va
lue":"5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:43:50Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9748"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9949","reference_id":"9949","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:43:50Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9949"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2026-2646"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xuyn-pjpb-g7du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96455?format=json","vulnerability_id":"VCID-xxkx-w5pc-5uap","summary":"Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message 
containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11936","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12433","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12461","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12322","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13473","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13483","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13412","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13366","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13272","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1327","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13447","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13544","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1334","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13423","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11936"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11936","reference_id":"
","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11936"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121202","reference_id":"1121202","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121202"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/9117","reference_id":"9117","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:19:13Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/9117"},{"reference_url":"https://github.com/wolfSSL/wolfssl","reference_id":"wolfssl","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T16:19:13Z/"}],"url":"https://github.com/wolfSSL/wolfssl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994704?format=json","purl":"pkg:deb/debian/wolfssl@5.9.0-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076509?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1"}],"aliases":["CVE-2025-11936"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vu
lnerablecode.io/vulnerabilities/VCID-xxkx-w5pc-5uap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95891?format=json","vulnerability_id":"VCID-zhf4-y8v8-gubn","summary":"wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a Bleichenbacher-style timing attack, when built with the following configure options:  --enable-all CFLAGS=\"-DWOLFSSL_STATIC_RSA\"  The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore, the default build since 3.6.6, even with \"--enable-all\", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and is expected to be padding-independent.  The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server’s private key is not exposed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6935","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54588","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54592","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54604","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54642","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54622","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5461","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54615","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00315","s
coring_system":"epss","scoring_elements":"0.54635","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5463","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54643","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54626","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6935"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6935","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6935"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357","reference_id":"1059357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357"},{"reference_url":"https://people.redhat.com/~hkario/marvin/","reference_id":"marvin","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T12:48:11Z/"}],"url":"https://people.redhat.com/~hkario/marvin/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994673?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15fz-hhc7-kyaa"},{"vulnerability":"VCID-24mg-wn6a-6bew"},{"vulnerability":"VCID-2ry7-trrg-gfdk"},{"vulnerability":"VCID-3gve-u4f4-bkht"},{"vulnerability":"VCID-4zda-zrq6-hbc8"},{"vulnerability":"VCID-4zyq-af27-yqa4"},{"vulnerability":"VCID-6v8z-cfax-zqbh"},{"vulnerability":"VCID-75y2-h9uk-n3a6"},{"vulnerability":"VCID-8735-ectc-j7a3"},{"vulnerability":"VCID-9jb1-k32z-w7gw"},{"vulnerability":"VCID-9jpj-dfsf-qkce"},{"vulnerability":"VCID-9jw2-3v9v-ruap"},{"vulnerability":"VCID-9kev-ferz-5bhr"},
{"vulnerability":"VCID-9x14-2t7m-1kbm"},{"vulnerability":"VCID-bfap-h1d9-33dj"},{"vulnerability":"VCID-cv4y-g4un-ckd4"},{"vulnerability":"VCID-cxhw-3w24-dkes"},{"vulnerability":"VCID-f57c-kamk-3bct"},{"vulnerability":"VCID-f5kd-yqz2-nkcb"},{"vulnerability":"VCID-fmtp-x6y7-83g1"},{"vulnerability":"VCID-g5u9-khw6-4kgn"},{"vulnerability":"VCID-gcfd-w8je-kqfm"},{"vulnerability":"VCID-gdur-h588-vbb6"},{"vulnerability":"VCID-gmdj-a1ys-tqc2"},{"vulnerability":"VCID-gtdh-mytb-t3fh"},{"vulnerability":"VCID-h6na-nxxq-5yg9"},{"vulnerability":"VCID-hdbf-118z-2yec"},{"vulnerability":"VCID-hk8r-kk4v-1fa7"},{"vulnerability":"VCID-jc3b-m4ud-n7fw"},{"vulnerability":"VCID-jvnf-vh29-ufdh"},{"vulnerability":"VCID-jxf4-y1au-5bhw"},{"vulnerability":"VCID-khur-3ax7-9fhb"},{"vulnerability":"VCID-n64w-nq6a-m7bv"},{"vulnerability":"VCID-n6uz-fe7m-uqhk"},{"vulnerability":"VCID-njbj-f91t-b7f4"},{"vulnerability":"VCID-nqhj-d7uw-43hd"},{"vulnerability":"VCID-srmp-3tvp-9uhv"},{"vulnerability":"VCID-u55w-unmd-97cm"},{"vulnerability":"VCID-udcq-enxt-wyf1"},{"vulnerability":"VCID-ugd8-9xzt-xbdz"},{"vulnerability":"VCID-uvht-9bt9-hfbb"},{"vulnerability":"VCID-v3m6-zajw-bfhb"},{"vulnerability":"VCID-vugd-2jfz-23b5"},{"vulnerability":"VCID-x3uy-7crx-2kae"},{"vulnerability":"VCID-xuyn-pjpb-g7du"},{"vulnerability":"VCID-xxkx-w5pc-5uap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1"}],"aliases":["CVE-2023-6935"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhf4-y8v8-gubn"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2"}