Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-8gde-1md7-5yak
SummaryOpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.
Aliases
0
alias CVE-2025-27587
Fixed_packages
0
url pkg:deb/debian/openssl@3.0.14-1~deb12u1
purl pkg:deb/debian/openssl@3.0.14-1~deb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.14-1~deb12u1
1
url pkg:deb/debian/openssl@3.0.19-1~deb12u2
purl pkg:deb/debian/openssl@3.0.19-1~deb12u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.19-1~deb12u2
2
url pkg:deb/debian/openssl@3.5.0-1?distro=trixie
purl pkg:deb/debian/openssl@3.5.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.0-1%3Fdistro=trixie
3
url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie
purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7f9q-mhsr-8bfq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/openssl@3.6.1-3?distro=trixie
purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-74wu-sup9-cybb
1
vulnerability VCID-7f9q-mhsr-8bfq
2
vulnerability VCID-87vs-4p6w-xbgq
3
vulnerability VCID-cef8-2p5t-bff7
4
vulnerability VCID-f2na-rtsu-ffad
5
vulnerability VCID-hgvf-vxhr-cye8
6
vulnerability VCID-wuwm-ksb1-6qd5
7
vulnerability VCID-zkc9-huk8-27bc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie
5
url pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87vs-4p6w-xbgq
1
vulnerability VCID-8gde-1md7-5yak
2
vulnerability VCID-cef8-2p5t-bff7
3
vulnerability VCID-f2na-rtsu-ffad
4
vulnerability VCID-hgvf-vxhr-cye8
5
vulnerability VCID-wuwm-ksb1-6qd5
6
vulnerability VCID-zkc9-huk8-27bc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1
purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mua-rkdu-87ay
1
vulnerability VCID-7xwq-vdej-ayg1
2
vulnerability VCID-87vs-4p6w-xbgq
3
vulnerability VCID-8gde-1md7-5yak
4
vulnerability VCID-antn-nu5a-7yf6
5
vulnerability VCID-bfv6-sbnh-5uh5
6
vulnerability VCID-cef8-2p5t-bff7
7
vulnerability VCID-chgr-9utt-kqbp
8
vulnerability VCID-efpm-7cfa-z7hx
9
vulnerability VCID-f2na-rtsu-ffad
10
vulnerability VCID-fwwa-41df-zqfk
11
vulnerability VCID-gz4c-x1gb-muat
12
vulnerability VCID-hgvf-vxhr-cye8
13
vulnerability VCID-hpev-apm4-sqfw
14
vulnerability VCID-jq5s-hzam-zfda
15
vulnerability VCID-mg21-k76s-sqfp
16
vulnerability VCID-p7ca-uc7n-mfc4
17
vulnerability VCID-rgue-at15-k7a2
18
vulnerability VCID-sn5k-3e59-7ba8
19
vulnerability VCID-w9yg-3dbq-8qge
20
vulnerability VCID-wuwm-ksb1-6qd5
21
vulnerability VCID-zkc9-huk8-27bc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1
2
url pkg:deb/debian/openssl@3.0.18-1~deb12u1
purl pkg:deb/debian/openssl@3.0.18-1~deb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gde-1md7-5yak
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1
3
url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie
purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gde-1md7-5yak
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27587
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23308
published_at 2026-04-04T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23265
published_at 2026-04-02T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23244
published_at 2026-04-11T12:55:00Z
3
value 0.00078
scoring_system epss
scoring_elements 0.23223
published_at 2026-04-09T12:55:00Z
4
value 0.00078
scoring_system epss
scoring_elements 0.23172
published_at 2026-04-08T12:55:00Z
5
value 0.00078
scoring_system epss
scoring_elements 0.23098
published_at 2026-04-07T12:55:00Z
6
value 0.00224
scoring_system epss
scoring_elements 0.45102
published_at 2026-04-13T12:55:00Z
7
value 0.00224
scoring_system epss
scoring_elements 0.451
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27587
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/openssl/openssl/issues/24253
reference_id 24253
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T16:16:27Z/
url https://github.com/openssl/openssl/issues/24253
Weaknesses
Exploits
Severity_range_score5.3 - 5.3
Exploitability0.5
Weighted_severity4.8
Risk_score2.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-8gde-1md7-5yak