Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/podman@1.9.3-3.rhaos4.6?arch=el8
Typerpm
Namespaceredhat
Namepodman
Version1.9.3-3.rhaos4.6
Qualifiers
arch el8
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-ckg3-5czq-t7ek
vulnerability_id VCID-ckg3-5czq-t7ek
summary 
Information disclosure in podman
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14370.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14370.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14370
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.39338
published_at 2026-04-18T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.39164
published_at 2026-04-01T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.39351
published_at 2026-04-02T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.39374
published_at 2026-04-04T12:55:00Z
4
value 0.00177
scoring_system epss
scoring_elements 0.39288
published_at 2026-04-07T12:55:00Z
5
value 0.00177
scoring_system epss
scoring_elements 0.39343
published_at 2026-04-08T12:55:00Z
6
value 0.00177
scoring_system epss
scoring_elements 0.3936
published_at 2026-04-09T12:55:00Z
7
value 0.00177
scoring_system epss
scoring_elements 0.39371
published_at 2026-04-11T12:55:00Z
8
value 0.00177
scoring_system epss
scoring_elements 0.39332
published_at 2026-04-12T12:55:00Z
9
value 0.00177
scoring_system epss
scoring_elements 0.39314
published_at 2026-04-13T12:55:00Z
10
value 0.00177
scoring_system epss
scoring_elements 0.39366
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14370
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1874268
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1874268
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14370
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14370
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/containers/podman
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containers/podman
6
reference_url https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6BPCZX4ASKNONL3MSCK564IVXNYSKLP
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6BPCZX4ASKNONL3MSCK564IVXNYSKLP
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y74V7HGQBNLT6XECCSNZNFZIB7G7XSAR
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y74V7HGQBNLT6XECCSNZNFZIB7G7XSAR
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4Y2FSGQWP4AFT5AZ6UBN6RKHVXUBRFV
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4Y2FSGQWP4AFT5AZ6UBN6RKHVXUBRFV
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14370
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14370
11
reference_url https://security.archlinux.org/ASA-202009-11
reference_id ASA-202009-11
reference_type
scores
url https://security.archlinux.org/ASA-202009-11
12
reference_url https://security.archlinux.org/AVG-1233
reference_id AVG-1233
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1233
13
reference_url https://access.redhat.com/errata/RHSA-2020:4297
reference_id RHSA-2020:4297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4297
14
reference_url https://access.redhat.com/errata/RHSA-2020:5056
reference_id RHSA-2020:5056
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5056
15
reference_url https://access.redhat.com/errata/RHSA-2021:0531
reference_id RHSA-2021:0531
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0531
fixed_packages
aliases CVE-2020-14370, GHSA-c3wv-qmjj-45r6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckg3-5czq-t7ek
1
url VCID-dwge-3up7-yyaq
vulnerability_id VCID-dwge-3up7-yyaq
summary 
Withdrawn Advisory: Infinite loop in xz
### Withdrawn Advisory
This advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time.

### Original Description
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16845.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16845.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-16845
reference_id
reference_type
scores
0
value 0.00147
scoring_system epss
scoring_elements 0.35232
published_at 2026-04-16T12:55:00Z
1
value 0.00147
scoring_system epss
scoring_elements 0.35218
published_at 2026-04-18T12:55:00Z
2
value 0.00147
scoring_system epss
scoring_elements 0.35253
published_at 2026-04-11T12:55:00Z
3
value 0.00147
scoring_system epss
scoring_elements 0.35249
published_at 2026-04-09T12:55:00Z
4
value 0.00147
scoring_system epss
scoring_elements 0.35224
published_at 2026-04-08T12:55:00Z
5
value 0.00147
scoring_system epss
scoring_elements 0.35179
published_at 2026-04-07T12:55:00Z
6
value 0.00147
scoring_system epss
scoring_elements 0.35298
published_at 2026-04-04T12:55:00Z
7
value 0.00147
scoring_system epss
scoring_elements 0.3527
published_at 2026-04-02T12:55:00Z
8
value 0.00147
scoring_system epss
scoring_elements 0.3507
published_at 2026-04-01T12:55:00Z
9
value 0.00147
scoring_system epss
scoring_elements 0.35194
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-16845
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3114
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3114
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
12
reference_url https://github.com/ulikunitz/xz/issues/35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ulikunitz/xz/issues/35
13
reference_url https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo
14
reference_url https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q
15
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html
16
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-16845
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-16845
22
reference_url https://security.netapp.com/advisory/ntap-20200924-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200924-0002
23
reference_url https://www.debian.org/security/2021/dsa-4848
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4848
24
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1867099
reference_id 1867099
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1867099
26
reference_url https://access.redhat.com/errata/RHSA-2020:3665
reference_id RHSA-2020:3665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3665
27
reference_url https://access.redhat.com/errata/RHSA-2020:4201
reference_id RHSA-2020:4201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4201
28
reference_url https://access.redhat.com/errata/RHSA-2020:4214
reference_id RHSA-2020:4214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4214
29
reference_url https://access.redhat.com/errata/RHSA-2020:4297
reference_id RHSA-2020:4297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4297
30
reference_url https://access.redhat.com/errata/RHSA-2020:5118
reference_id RHSA-2020:5118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5118
31
reference_url https://access.redhat.com/errata/RHSA-2020:5119
reference_id RHSA-2020:5119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5119
32
reference_url https://access.redhat.com/errata/RHSA-2020:5159
reference_id RHSA-2020:5159
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5159
33
reference_url https://access.redhat.com/errata/RHSA-2020:5605
reference_id RHSA-2020:5605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5605
34
reference_url https://access.redhat.com/errata/RHSA-2020:5606
reference_id RHSA-2020:5606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5606
35
reference_url https://access.redhat.com/errata/RHSA-2020:5649
reference_id RHSA-2020:5649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5649
36
reference_url https://access.redhat.com/errata/RHSA-2021:0072
reference_id RHSA-2021:0072
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0072
37
reference_url https://access.redhat.com/errata/RHSA-2021:0172
reference_id RHSA-2021:0172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0172
38
reference_url https://access.redhat.com/errata/RHSA-2021:0713
reference_id RHSA-2021:0713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0713
39
reference_url https://access.redhat.com/errata/RHSA-2021:0956
reference_id RHSA-2021:0956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0956
40
reference_url https://access.redhat.com/errata/RHSA-2021:1016
reference_id RHSA-2021:1016
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1016
41
reference_url https://access.redhat.com/errata/RHSA-2021:1366
reference_id RHSA-2021:1366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1366
42
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
43
reference_url https://access.redhat.com/errata/RHSA-2021:2122
reference_id RHSA-2021:2122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2122
44
reference_url https://access.redhat.com/errata/RHSA-2021:4103
reference_id RHSA-2021:4103
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4103
45
reference_url https://usn.ubuntu.com/5725-1/
reference_id USN-5725-1
reference_type
scores
url https://usn.ubuntu.com/5725-1/
46
reference_url https://usn.ubuntu.com/5725-2/
reference_id USN-5725-2
reference_type
scores
url https://usn.ubuntu.com/5725-2/
fixed_packages
aliases CVE-2020-16845, GHSA-q6gq-997w-f55g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dwge-3up7-yyaq
2
url VCID-n82z-sfd6-x3af
vulnerability_id VCID-n82z-sfd6-x3af
summary 
golang.org/x/text Infinite loop
Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

### Specific Go Packages Affected
golang.org/x/text/encoding/unicode
golang.org/x/text/transform
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14040.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14040.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14040
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00644
published_at 2026-04-18T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00661
published_at 2026-04-08T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00639
published_at 2026-04-16T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00648
published_at 2026-04-13T12:55:00Z
4
value 8e-05
scoring_system epss
scoring_elements 0.00646
published_at 2026-04-12T12:55:00Z
5
value 8e-05
scoring_system epss
scoring_elements 0.00653
published_at 2026-04-11T12:55:00Z
6
value 8e-05
scoring_system epss
scoring_elements 0.00663
published_at 2026-04-01T12:55:00Z
7
value 8e-05
scoring_system epss
scoring_elements 0.00667
published_at 2026-04-02T12:55:00Z
8
value 8e-05
scoring_system epss
scoring_elements 0.00659
published_at 2026-04-04T12:55:00Z
9
value 8e-05
scoring_system epss
scoring_elements 0.00662
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14040
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/golang/go/issues/39491
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go/issues/39491
5
reference_url https://github.com/golang/text/commit/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/text/commit/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
6
reference_url https://go.dev/cl/238238
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/238238
7
reference_url https://go.dev/issue/39491
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/39491
8
reference_url https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
9
reference_url https://go-review.googlesource.com/c/text/+/238238
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go-review.googlesource.com/c/text/+/238238
10
reference_url https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0
11
reference_url https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14040
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14040
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1853652
reference_id 1853652
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1853652
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964272
reference_id 964272
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964272
16
reference_url https://access.redhat.com/errata/RHSA-2020:3087
reference_id RHSA-2020:3087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3087
17
reference_url https://access.redhat.com/errata/RHSA-2020:3369
reference_id RHSA-2020:3369
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3369
18
reference_url https://access.redhat.com/errata/RHSA-2020:3372
reference_id RHSA-2020:3372
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3372
19
reference_url https://access.redhat.com/errata/RHSA-2020:3578
reference_id RHSA-2020:3578
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3578
20
reference_url https://access.redhat.com/errata/RHSA-2020:3665
reference_id RHSA-2020:3665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3665
21
reference_url https://access.redhat.com/errata/RHSA-2020:3727
reference_id RHSA-2020:3727
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3727
22
reference_url https://access.redhat.com/errata/RHSA-2020:3780
reference_id RHSA-2020:3780
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3780
23
reference_url https://access.redhat.com/errata/RHSA-2020:3783
reference_id RHSA-2020:3783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3783
24
reference_url https://access.redhat.com/errata/RHSA-2020:4214
reference_id RHSA-2020:4214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4214
25
reference_url https://access.redhat.com/errata/RHSA-2020:4297
reference_id RHSA-2020:4297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4297
26
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
27
reference_url https://access.redhat.com/errata/RHSA-2020:4694
reference_id RHSA-2020:4694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4694
28
reference_url https://access.redhat.com/errata/RHSA-2020:5054
reference_id RHSA-2020:5054
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5054
29
reference_url https://access.redhat.com/errata/RHSA-2020:5055
reference_id RHSA-2020:5055
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5055
30
reference_url https://access.redhat.com/errata/RHSA-2020:5056
reference_id RHSA-2020:5056
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5056
31
reference_url https://access.redhat.com/errata/RHSA-2020:5149
reference_id RHSA-2020:5149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5149
32
reference_url https://access.redhat.com/errata/RHSA-2020:5198
reference_id RHSA-2020:5198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5198
33
reference_url https://access.redhat.com/errata/RHSA-2020:5605
reference_id RHSA-2020:5605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5605
34
reference_url https://access.redhat.com/errata/RHSA-2020:5606
reference_id RHSA-2020:5606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5606
35
reference_url https://access.redhat.com/errata/RHSA-2020:5633
reference_id RHSA-2020:5633
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5633
36
reference_url https://access.redhat.com/errata/RHSA-2020:5635
reference_id RHSA-2020:5635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5635
37
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
38
reference_url https://access.redhat.com/errata/RHSA-2021:0980
reference_id RHSA-2021:0980
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0980
39
reference_url https://access.redhat.com/errata/RHSA-2021:1129
reference_id RHSA-2021:1129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1129
40
reference_url https://access.redhat.com/errata/RHSA-2021:1369
reference_id RHSA-2021:1369
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1369
41
reference_url https://access.redhat.com/errata/RHSA-2021:2039
reference_id RHSA-2021:2039
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2039
42
reference_url https://usn.ubuntu.com/5873-1/
reference_id USN-5873-1
reference_type
scores
url https://usn.ubuntu.com/5873-1/
fixed_packages
aliases CVE-2020-14040, GHSA-5rcv-m4m3-hfh7
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n82z-sfd6-x3af
3
url VCID-w9qm-pwnh-4ydj
vulnerability_id VCID-w9qm-pwnh-4ydj
summary golang: data race in certain net/http servers including ReverseProxy can lead to DoS
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15586.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15586.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15586
reference_id
reference_type
scores
0
value 0.00614
scoring_system epss
scoring_elements 0.69813
published_at 2026-04-01T12:55:00Z
1
value 0.00614
scoring_system epss
scoring_elements 0.69826
published_at 2026-04-02T12:55:00Z
2
value 0.00614
scoring_system epss
scoring_elements 0.69841
published_at 2026-04-04T12:55:00Z
3
value 0.00614
scoring_system epss
scoring_elements 0.69817
published_at 2026-04-07T12:55:00Z
4
value 0.00614
scoring_system epss
scoring_elements 0.69866
published_at 2026-04-08T12:55:00Z
5
value 0.00614
scoring_system epss
scoring_elements 0.69882
published_at 2026-04-09T12:55:00Z
6
value 0.00614
scoring_system epss
scoring_elements 0.69904
published_at 2026-04-11T12:55:00Z
7
value 0.00614
scoring_system epss
scoring_elements 0.69889
published_at 2026-04-12T12:55:00Z
8
value 0.00614
scoring_system epss
scoring_elements 0.69874
published_at 2026-04-13T12:55:00Z
9
value 0.00614
scoring_system epss
scoring_elements 0.69916
published_at 2026-04-16T12:55:00Z
10
value 0.00614
scoring_system epss
scoring_elements 0.69925
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15586
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3114
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3114
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1856953
reference_id 1856953
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1856953
8
reference_url https://access.redhat.com/errata/RHSA-2020:3665
reference_id RHSA-2020:3665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3665
9
reference_url https://access.redhat.com/errata/RHSA-2020:4201
reference_id RHSA-2020:4201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4201
10
reference_url https://access.redhat.com/errata/RHSA-2020:4214
reference_id RHSA-2020:4214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4214
11
reference_url https://access.redhat.com/errata/RHSA-2020:4297
reference_id RHSA-2020:4297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4297
12
reference_url https://access.redhat.com/errata/RHSA-2020:5118
reference_id RHSA-2020:5118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5118
13
reference_url https://access.redhat.com/errata/RHSA-2020:5119
reference_id RHSA-2020:5119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5119
14
reference_url https://access.redhat.com/errata/RHSA-2020:5605
reference_id RHSA-2020:5605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5605
15
reference_url https://access.redhat.com/errata/RHSA-2020:5606
reference_id RHSA-2020:5606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5606
16
reference_url https://access.redhat.com/errata/RHSA-2020:5649
reference_id RHSA-2020:5649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5649
17
reference_url https://access.redhat.com/errata/RHSA-2021:0072
reference_id RHSA-2021:0072
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0072
18
reference_url https://access.redhat.com/errata/RHSA-2021:0172
reference_id RHSA-2021:0172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0172
19
reference_url https://access.redhat.com/errata/RHSA-2021:0713
reference_id RHSA-2021:0713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0713
20
reference_url https://access.redhat.com/errata/RHSA-2021:0956
reference_id RHSA-2021:0956
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0956
21
reference_url https://access.redhat.com/errata/RHSA-2021:1016
reference_id RHSA-2021:1016
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1016
22
reference_url https://access.redhat.com/errata/RHSA-2021:1366
reference_id RHSA-2021:1366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1366
23
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
24
reference_url https://access.redhat.com/errata/RHSA-2021:2122
reference_id RHSA-2021:2122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2122
25
reference_url https://access.redhat.com/errata/RHSA-2021:4103
reference_id RHSA-2021:4103
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4103
fixed_packages
aliases CVE-2020-15586
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9qm-pwnh-4ydj
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@1.9.3-3.rhaos4.6%3Farch=el8