Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-x8et-cun9-6kgz

Summary An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is caused by Incorrect Use of Privileged APIs.

Aliases

alias	CVE-2026-34877

Fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-jeen-6u3v-8qab

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-ph4w-4hud-mkck

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x8et-cun9-6kgz

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-jeen-6u3v-8qab

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-ph4w-4hud-mkck

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x8et-cun9-6kgz

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-jeen-6u3v-8qab

vulnerability	VCID-ph4w-4hud-mkck

vulnerability	VCID-x8et-cun9-6kgz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-jeen-6u3v-8qab

vulnerability	VCID-ph4w-4hud-mkck

vulnerability	VCID-x8et-cun9-6kgz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-jeen-6u3v-8qab

vulnerability	VCID-ph4w-4hud-mkck

vulnerability	VCID-x8et-cun9-6kgz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1

purl pkg:deb/debian/mbedtls@3.6.5-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-jeen-6u3v-8qab

vulnerability	VCID-ph4w-4hud-mkck

vulnerability	VCID-x8et-cun9-6kgz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34877

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22724
published_at	2026-04-04T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29953
published_at	2026-04-07T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35266
published_at	2026-04-24T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35555
published_at	2026-04-18T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35244
published_at	2026-04-26T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35504
published_at	2026-04-21T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35559
published_at	2026-04-08T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35584
published_at	2026-04-09T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35594
published_at	2026-04-11T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35549
published_at	2026-04-12T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35526
published_at	2026-04-13T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35565
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42212
published_at	2026-04-29T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44522
published_at	2026-05-12T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44468
published_at	2026-05-05T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44538
published_at	2026-05-07T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44556
published_at	2026-05-09T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44493
published_at	2026-05-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34877

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34877
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34877

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577
reference_id	1132577
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-serialized-data/

reference_id

mbedtls-security-advisory-2026-03-serialized-data

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:51:48Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-serialized-data/

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

reference_id

security-advisories

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:51:48Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

Weaknesses

Exploits

Severity_range_score 9.8 - 9.8

Exploitability 0.5

Weighted_severity 4.9

Risk_score 2.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x8et-cun9-6kgz

Vulnerability Instance