Alpine: multiple wolfssl packages: security update to 5.5.0-r0

high Tenable Cloud Security Plugin ID 426263

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and
SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the
second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If
the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl)
on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that
this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use
wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore,
wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of
wolfSSL's native API. (CVE-2022-38152)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-38152

Plugin Details

Severity: High

ID: 426263

Version: Revision 1.5

Type: Local

Published: 5/16/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.51

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-38152

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/31/2022

Reference Information

CVE: CVE-2022-38152