Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jxf4-y1au-5bhw

Summary Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.

Aliases

alias	CVE-2026-4395

Fixed_packages

url	pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.9.0-0.2
purl	pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2

Affected_packages

url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2

purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6n4g-us9a-53g4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cum2-vp1j-syfc

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f4gq-hqcp-dqe2

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2

url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6n4g-us9a-53g4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cum2-vp1j-syfc

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f4gq-hqcp-dqe2

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-4395

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31928
published_at	2026-04-13T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31962
published_at	2026-04-12T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32057
published_at	2026-04-02T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32097
published_at	2026-04-04T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31919
published_at	2026-04-07T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31971
published_at	2026-04-08T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32
published_at	2026-04-09T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32003
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4395

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4395
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4395

reference_url

https://github.com/wolfSSL/wolfssl/pull/9988

reference_id

9988

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:L/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:09:25Z/

url

https://github.com/wolfSSL/wolfssl/pull/9988

Weaknesses

cwe_id	122
name	Heap-based Buffer Overflow
description	A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Exploits

Severity_range_score 1.3 - 1.3

Exploitability 0.5

Weighted_severity 1.2

Risk_score 0.6

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxf4-y1au-5bhw

Vulnerability Instance