Lucene search
K

Debian dla-4683 : libwolfssl-dev - security update

🗓️ 15 Jul 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Debian security update for wolfssl fixing multiple CVEs that could cause forgery, bypass, disclosure, or DoS.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Improper Certificate Validation in Wolfssl
19 Apr 202606:30
githubexploit
ATTACKERKB
CVE-2026-6450
25 Jun 202620:18
attackerkb
ATTACKERKB
CVE-2026-6681
25 Jun 202620:11
attackerkb
ATTACKERKB
CVE-2026-55961
25 Jun 202616:51
attackerkb
ATTACKERKB
CVE-2026-6678
25 Jun 202620:16
attackerkb
ATTACKERKB
CVE-2026-5194
9 Apr 202619:30
attackerkb
ATTACKERKB
CVE-2026-55962
25 Jun 202621:12
attackerkb
ATTACKERKB
CVE-2026-6329
25 Jun 202621:02
attackerkb
ATTACKERKB
CVE-2026-6092
25 Jun 202621:06
attackerkb
ATTACKERKB
CVE-2026-6094
25 Jun 202616:35
attackerkb
Rows per page
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-4683. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(326925);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/15");

  script_cve_id(
    "CVE-2026-5194",
    "CVE-2026-6092",
    "CVE-2026-6094",
    "CVE-2026-6325",
    "CVE-2026-6329",
    "CVE-2026-6331",
    "CVE-2026-6450",
    "CVE-2026-6678",
    "CVE-2026-6681",
    "CVE-2026-6731",
    "CVE-2026-7511",
    "CVE-2026-55961",
    "CVE-2026-55962",
    "CVE-2026-55967"
  );

  script_name(english:"Debian dla-4683 : libwolfssl-dev - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-4683 advisory.

    - -----------------------------------------------------------------------
    Debian LTS Advisory DLA-4683-1              [email protected]
    https://www.debian.org/lts/security/                      Utkarsh Gupta
    July 15, 2026                               https://wiki.debian.org/LTS
    - -----------------------------------------------------------------------

    Package        : wolfssl
    Version        : 5.5.4-2+deb12u3
    CVE ID         : CVE-2026-5194 CVE-2026-6092 CVE-2026-6094 CVE-2026-6325
                     CVE-2026-6329 CVE-2026-6331 CVE-2026-6450 CVE-2026-6678
                     CVE-2026-6681 CVE-2026-6731 CVE-2026-7511 CVE-2026-55961
                     CVE-2026-55962 CVE-2026-55967

    Multiple vulnerabilities were discovered in wolfSSL, a lightweight,
    portable, C-language-based SSL/TLS library, which could result in
    signature forgery, authentication bypass, information disclosure, or
    denial of service.

    CVE-2026-5194

        Missing hash/digest size and OID checks allowed digests smaller
        than appropriate for the relevant key type to be accepted during
        ECDSA certificate signature verification, weakening ECDSA
        certificate-based authentication when EdDSA or ML-DSA support was
        also enabled.

    CVE-2026-6092

        When configured with HAVE_ENCRYPT_THEN_MAC, the TLS resumption path
        could fall back to MAC-then-Encrypt instead of enforcing
        Encrypt-then-MAC.

    CVE-2026-6094

        A heap buffer over-read in wc_PKCS7_DecodeEnvelopedData when parsing
        crafted PKCS#7 EnvelopedData could be triggered by attacker-supplied
        data delivered via S/MIME or CMS.

    CVE-2026-6325

        An out-of-bounds write in SetSuitesHashSigAlgo when processing an
        oversized signature algorithms list allowed a write past the bounds
        of the destination buffer.

    CVE-2026-6329

        PKCS#12 MAC verification compared the computed HMAC against the
        stored MAC using an attacker-controlled length, allowing a truncated
        or zero-length MAC to be accepted and defeating the integrity
        protection of the MAC.

    CVE-2026-6331

        An HMAC zero-length tag forgery in EVP_DigestVerifyFinal allowed a
        truncated or empty tag to be accepted as a valid signature, because
        the supplied length was only checked not to exceed the MAC length.

    CVE-2026-6450

        A CRL critical extension bypass in ParseCRL_Extensions allowed a
        crafted CRL carrying an unhandled critical extension to be accepted.
        This only affects builds with CRL support enabled.

    CVE-2026-6678

        An integer underflow in wc_PKCS7_DecryptOri when handling crafted
        OtherRecipientInfo led to incorrect length handling during
        decryption.

    CVE-2026-6681

        The PKCS#7 decode path ignored the caller-supplied output buffer
        size (outputSz), allowing decoded content to be written past the
        bounds of the provided buffer.

    CVE-2026-6731

        An X.509 name constraint bypass allowed a certificate whose Subject
        Common Name violated an issuing CA's DNS name constraints to be
        accepted when the CN was treated as a DNS-type name.

    CVE-2026-7511

        A PKCS7_verify signer confusion issue meant the signer associated
        with a signature was not correctly bound, permitting a forged
        signature to be accepted.

    CVE-2026-55961

        wolfSSL_PKCS7_verify() returned success for a degenerate
        (certs-only) PKCS#7 object containing no signer, so a bundle
        carrying no valid signature could be reported as verified. This
        only affects OpenSSL compatibility builds.

    CVE-2026-55962

        A TLS 1.3 post-handshake authentication issue allowed a server to
        accept a client's Finished message without the client having sent a
        Certificate and CertificateVerify. This only affects TLS 1.3
        servers configured with and actively using post-handshake
        authentication.

    CVE-2026-55967

        AES-GCM encryption/decryption with extremely large cumulative single
        message sizes (>64 GiB) were not properly rejected by the streaming
        APIs, allowing counter wrap, keystream reuse and consequent
        plaintext recovery.

    For Debian 12 bookworm, these problems have been fixed in version
    5.5.4-2+deb12u3.

    We recommend that you upgrade your wolfssl packages.

    For the detailed security status of wolfssl please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/wolfssl

    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/wolfssl");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-5194");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-55961");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-55962");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-55967");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6092");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6094");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6325");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6329");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6331");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6450");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6678");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6681");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-6731");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-7511");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/wolfssl");
  script_set_attribute(attribute:"solution", value:
"Upgrade the libwolfssl-dev packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:L/SA:L");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/U:Red");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-6094");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2026-5194");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwolfssl-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwolfssl35");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '12.0', 'prefix': 'libwolfssl-dev', 'reference': '5.5.4-2+deb12u3'},
    {'release': '12.0', 'prefix': 'libwolfssl35', 'reference': '5.5.4-2+deb12u3'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwolfssl-dev / libwolfssl35');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 Jul 2026 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.19.1
CVSS 49.3
EPSS0.00468
SSVC
4