| Reporter | Title | Published | Views | Family All 204 |
|---|---|---|---|---|
| Exploit for Improper Certificate Validation in Wolfssl | 19 Apr 202606:30 | – | githubexploit | |
| CVE-2026-6450 | 25 Jun 202620:18 | – | attackerkb | |
| CVE-2026-6681 | 25 Jun 202620:11 | – | attackerkb | |
| CVE-2026-55961 | 25 Jun 202616:51 | – | attackerkb | |
| CVE-2026-6678 | 25 Jun 202620:16 | – | attackerkb | |
| CVE-2026-5194 | 9 Apr 202619:30 | – | attackerkb | |
| CVE-2026-55962 | 25 Jun 202621:12 | – | attackerkb | |
| CVE-2026-6329 | 25 Jun 202621:02 | – | attackerkb | |
| CVE-2026-6092 | 25 Jun 202621:06 | – | attackerkb | |
| CVE-2026-6094 | 25 Jun 202616:35 | – | attackerkb |
| Source | Link |
|---|---|
| security-tracker | www.security-tracker.debian.org/tracker/source-package/wolfssl |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-5194 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-55961 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-55962 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-55967 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-6092 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-6094 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-6325 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-6329 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-6331 |
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-4683. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(326925);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/15");
script_cve_id(
"CVE-2026-5194",
"CVE-2026-6092",
"CVE-2026-6094",
"CVE-2026-6325",
"CVE-2026-6329",
"CVE-2026-6331",
"CVE-2026-6450",
"CVE-2026-6678",
"CVE-2026-6681",
"CVE-2026-6731",
"CVE-2026-7511",
"CVE-2026-55961",
"CVE-2026-55962",
"CVE-2026-55967"
);
script_name(english:"Debian dla-4683 : libwolfssl-dev - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-4683 advisory.
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4683-1 [email protected]
https://www.debian.org/lts/security/ Utkarsh Gupta
July 15, 2026 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : wolfssl
Version : 5.5.4-2+deb12u3
CVE ID : CVE-2026-5194 CVE-2026-6092 CVE-2026-6094 CVE-2026-6325
CVE-2026-6329 CVE-2026-6331 CVE-2026-6450 CVE-2026-6678
CVE-2026-6681 CVE-2026-6731 CVE-2026-7511 CVE-2026-55961
CVE-2026-55962 CVE-2026-55967
Multiple vulnerabilities were discovered in wolfSSL, a lightweight,
portable, C-language-based SSL/TLS library, which could result in
signature forgery, authentication bypass, information disclosure, or
denial of service.
CVE-2026-5194
Missing hash/digest size and OID checks allowed digests smaller
than appropriate for the relevant key type to be accepted during
ECDSA certificate signature verification, weakening ECDSA
certificate-based authentication when EdDSA or ML-DSA support was
also enabled.
CVE-2026-6092
When configured with HAVE_ENCRYPT_THEN_MAC, the TLS resumption path
could fall back to MAC-then-Encrypt instead of enforcing
Encrypt-then-MAC.
CVE-2026-6094
A heap buffer over-read in wc_PKCS7_DecodeEnvelopedData when parsing
crafted PKCS#7 EnvelopedData could be triggered by attacker-supplied
data delivered via S/MIME or CMS.
CVE-2026-6325
An out-of-bounds write in SetSuitesHashSigAlgo when processing an
oversized signature algorithms list allowed a write past the bounds
of the destination buffer.
CVE-2026-6329
PKCS#12 MAC verification compared the computed HMAC against the
stored MAC using an attacker-controlled length, allowing a truncated
or zero-length MAC to be accepted and defeating the integrity
protection of the MAC.
CVE-2026-6331
An HMAC zero-length tag forgery in EVP_DigestVerifyFinal allowed a
truncated or empty tag to be accepted as a valid signature, because
the supplied length was only checked not to exceed the MAC length.
CVE-2026-6450
A CRL critical extension bypass in ParseCRL_Extensions allowed a
crafted CRL carrying an unhandled critical extension to be accepted.
This only affects builds with CRL support enabled.
CVE-2026-6678
An integer underflow in wc_PKCS7_DecryptOri when handling crafted
OtherRecipientInfo led to incorrect length handling during
decryption.
CVE-2026-6681
The PKCS#7 decode path ignored the caller-supplied output buffer
size (outputSz), allowing decoded content to be written past the
bounds of the provided buffer.
CVE-2026-6731
An X.509 name constraint bypass allowed a certificate whose Subject
Common Name violated an issuing CA's DNS name constraints to be
accepted when the CN was treated as a DNS-type name.
CVE-2026-7511
A PKCS7_verify signer confusion issue meant the signer associated
with a signature was not correctly bound, permitting a forged
signature to be accepted.
CVE-2026-55961
wolfSSL_PKCS7_verify() returned success for a degenerate
(certs-only) PKCS#7 object containing no signer, so a bundle
carrying no valid signature could be reported as verified. This
only affects OpenSSL compatibility builds.
CVE-2026-55962
A TLS 1.3 post-handshake authentication issue allowed a server to
accept a client's Finished message without the client having sent a
Certificate and CertificateVerify. This only affects TLS 1.3
servers configured with and actively using post-handshake
authentication.
CVE-2026-55967
AES-GCM encryption/decryption with extremely large cumulative single
message sizes (>64 GiB) were not properly rejected by the streaming
APIs, allowing counter wrap, keystream reuse and consequent
plaintext recovery.
For Debian 12 bookworm, these problems have been fixed in version
5.5.4-2+deb12u3.
We recommend that you upgrade your wolfssl packages.
For the detailed security status of wolfssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wolfssl
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Tenable has extracted the preceding description block directly from the Debian security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/wolfssl");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-5194");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-55961");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-55962");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-55967");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6092");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6094");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6325");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6329");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6331");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6450");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6678");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6681");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6731");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-7511");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/wolfssl");
script_set_attribute(attribute:"solution", value:
"Upgrade the libwolfssl-dev packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:L/SA:L");
script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/U:Red");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-6094");
script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2026-5194");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/09");
script_set_attribute(attribute:"patch_publication_date", value:"2026/07/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwolfssl-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwolfssl35");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '12.0', 'prefix': 'libwolfssl-dev', 'reference': '5.5.4-2+deb12u3'},
{'release': '12.0', 'prefix': 'libwolfssl35', 'reference': '5.5.4-2+deb12u3'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var _release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (_release && prefix && reference) {
if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwolfssl-dev / libwolfssl35');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation