Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-n7xs-mgeg-jued

Summary

Out-of-bounds Write
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running
on PowerPC CPU based platforms if the CPU provides vector instructions.

Impact summary: If an attacker can influence whether the POLY1305 MAC
algorithm is used, the application state might be corrupted with various
application dependent consequences.

The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs restores the contents of vector registers in a different order
than they are saved. Thus the contents of some of these vector registers
are corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.

The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However unless the compiler uses the vector registers for storing
pointers, the most likely consequence, if any, would be an incorrect result
of some application dependent calculations or a crash leading to a denial of
service.

The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3. If this cipher is enabled on the server a malicious
client can influence whether this AEAD cipher is used. This implies that
TLS server applications using OpenSSL can be potentially impacted. However
we are currently not aware of any concrete application that would be affected
by this issue therefore we consider this a Low severity security issue.

Aliases

alias	CVE-2023-6129

Fixed_packages

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=aarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=aarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=aarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=aarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=aarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=aarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=aarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=armhf&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=armhf&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=armhf&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=armhf&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=armhf&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=armhf&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=armhf&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=armhf&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=armhf&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=armv7&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=armv7&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=armv7&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=armv7&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=armv7&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=armv7&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=armv7&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=armv7&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=armv7&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=loongarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=loongarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=loongarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=loongarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=loongarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=loongarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=loongarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=loongarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=ppc64le&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=ppc64le&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=ppc64le&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=ppc64le&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=ppc64le&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=ppc64le&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=ppc64le&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=ppc64le&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=riscv64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=riscv64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=riscv64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=riscv64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=riscv64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=riscv64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=riscv64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=riscv64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=s390x&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=s390x&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=s390x&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=s390x&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=s390x&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=s390x&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=s390x&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=s390x&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=s390x&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86_64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=x86_64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86_64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86_64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=x86_64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86_64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86_64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=x86_64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=x86&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=x86&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=x86&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=aarch64&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=aarch64&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=aarch64&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=armhf&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=armhf&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=armhf&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=armv7&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=armv7&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=armv7&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=ppc64le&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=ppc64le&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=ppc64le&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=s390x&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=s390x&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=s390x&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86_64&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86_64&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=x86_64&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@3.1.4-r3?arch=x86&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.1.4-r3%3Farch=x86&distroversion=v3.18&reponame=main

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7y4x-nrsa-mbb3

vulnerability	VCID-a6ex-h8k7-8fbx

vulnerability	VCID-cccj-zqe2-1bbw

vulnerability	VCID-mnvc-6qng-ufbb

vulnerability	VCID-q64m-j51z-6fhu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.13-1~deb12u1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.13-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.13-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.20-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.20-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cccj-zqe2-1bbw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.20-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.1.5-1?distro=trixie
purl	pkg:deb/debian/openssl@3.1.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.1.5-1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

Affected_packages

url pkg:conan/openssl@3.0.0

purl pkg:conan/openssl@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kax-e29y-2qay

vulnerability	VCID-1y34-563n-83b3

vulnerability	VCID-4rjp-y9w5-sfak

vulnerability	VCID-5rnh-ggk4-8bdq

vulnerability	VCID-6vr9-d96b-t7cz

vulnerability	VCID-77dz-3tvz-c7b8

vulnerability	VCID-94bp-j4hm-sqb7

vulnerability	VCID-bf5v-rz9k-9qgh

vulnerability	VCID-fep2-jgws-6qf6

vulnerability	VCID-hmk7-eeaw-syfw

vulnerability	VCID-jmd8-78nq-vfg1

vulnerability	VCID-kpk3-xbcc-jfg8

vulnerability	VCID-m27k-yxxk-mbc6

vulnerability	VCID-mcrj-f2ds-c3d3

vulnerability	VCID-n7dz-yhyf-n7e7

vulnerability	VCID-n7xs-mgeg-jued

vulnerability	VCID-pfat-4gzk-suht

vulnerability	VCID-pr1d-efrx-kbbr

vulnerability	VCID-prku-34mb-d3g6

vulnerability	VCID-ptm7-pf2v-fqdc

vulnerability	VCID-qaht-xst5-pyh3

vulnerability	VCID-t8ve-d7kb-tyar

vulnerability	VCID-u3ks-ncv4-33f5

vulnerability	VCID-u4fw-w6bp-rkdq

vulnerability	VCID-vv2c-xvqf-cfdt

vulnerability	VCID-yvae-9f18-n7ep

vulnerability	VCID-znh8-j1ww-9yb4

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.0

url pkg:conan/openssl@3.0.12

purl pkg:conan/openssl@3.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n7xs-mgeg-jued

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12

url pkg:conan/openssl@3.1.0

purl pkg:conan/openssl@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rjp-y9w5-sfak

vulnerability	VCID-bf5v-rz9k-9qgh

vulnerability	VCID-hmk7-eeaw-syfw

vulnerability	VCID-kpk3-xbcc-jfg8

vulnerability	VCID-n7dz-yhyf-n7e7

vulnerability	VCID-n7xs-mgeg-jued

vulnerability	VCID-pr1d-efrx-kbbr

vulnerability	VCID-t8ve-d7kb-tyar

vulnerability	VCID-u3ks-ncv4-33f5

vulnerability	VCID-u4fw-w6bp-rkdq

vulnerability	VCID-znh8-j1ww-9yb4

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.0

url pkg:conan/openssl@3.1.4

purl pkg:conan/openssl@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n7xs-mgeg-jued

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.4

url pkg:conan/openssl@3.2.0

purl pkg:conan/openssl@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n7xs-mgeg-jued

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.2.0

url pkg:rpm/redhat/edk2@20240524-6?arch=el9_5

purl pkg:rpm/redhat/edk2@20240524-6?arch=el9_5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9ad7-pcdj-ubbc

vulnerability	VCID-jwh4-skkx-b7g6

vulnerability	VCID-n7xs-mgeg-jued

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/edk2@20240524-6%3Farch=el9_5

url pkg:rpm/redhat/openssl@1:3.0.7-27?arch=el9

purl pkg:rpm/redhat/openssl@1:3.0.7-27?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rjp-y9w5-sfak

vulnerability	VCID-9ad7-pcdj-ubbc

vulnerability	VCID-hmk7-eeaw-syfw

vulnerability	VCID-n7xs-mgeg-jued

vulnerability	VCID-t8ve-d7kb-tyar

vulnerability	VCID-yvae-9f18-n7ep

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl@1:3.0.7-27%3Farch=el9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6129.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6129.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6129

reference_id

reference_type

scores

value	0.0342
scoring_system	epss
scoring_elements	0.87654
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6129

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/

url

https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35

reference_url

https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/

url

https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04

reference_url

https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/

url

https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015

reference_url

https://www.openssl.org/news/secadv/20240109.txt

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/

url

https://www.openssl.org/news/secadv/20240109.txt

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060347
reference_id	1060347
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060347

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2257571
reference_id	2257571
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2257571

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-6129
reference_id	CVE-2023-6129
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-6129

reference_url	https://access.redhat.com/errata/RHSA-2024:2447
reference_id	RHSA-2024:2447
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2447

reference_url	https://access.redhat.com/errata/RHSA-2024:9088
reference_id	RHSA-2024:9088
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9088

reference_url	https://usn.ubuntu.com/6622-1/
reference_id	USN-6622-1
reference_type
scores
url	https://usn.ubuntu.com/6622-1/

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	787
name	Out-of-bounds Write
description	The product writes data past the end, or before the beginning, of the intended buffer.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	328
name	Use of Weak Hash
description	The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

cwe_id	440
name	Expected Behavior Violation
description	A feature, API, or function does not perform according to its specification.

Exploits

Severity_range_score 6.5 - 6.5

Exploitability 0.5

Weighted_severity 5.9

Risk_score 3.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7xs-mgeg-jued

Vulnerability Instance