Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1038088?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1038088?format=api", "purl": "pkg:deb/debian/c-ares@1.12.0-1%2Bdeb9u1", "type": "deb", "namespace": "debian", "name": "c-ares", "version": "1.12.0-1+deb9u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.34.5-1+deb13u1", "latest_non_vulnerable_version": "1.34.5-1+deb13u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11629?format=api", "vulnerability_id": "VCID-1xdz-dku3-qqc4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17358", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17287", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17216", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988342", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988342" }, { "reference_url": "https://c-ares.haxx.se/adv_20210810.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://c-ares.haxx.se/adv_20210810.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053", "reference_id": "992053", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053" }, { "reference_url": "https://security.archlinux.org/ASA-202108-13", "reference_id": "ASA-202108-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202108-13" }, { "reference_url": "https://security.archlinux.org/AVG-2268", "reference_id": "AVG-2268", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2268" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672", "reference_id": "CVE-2021-3672", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2043", "reference_id": "RHSA-2022:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2043" }, { "reference_url": "https://usn.ubuntu.com/5034-1/", "reference_id": "USN-5034-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5034-1/" }, { "reference_url": "https://usn.ubuntu.com/5034-2/", "reference_id": "USN-5034-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5034-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038089?format=api", "purl": "pkg:deb/debian/c-ares@1.14.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xdz-dku3-qqc4" }, { "vulnerability": "VCID-5vh6-usw6-2qhy" }, { "vulnerability": "VCID-gx39-xzj1-vfb7" }, { "vulnerability": "VCID-krvu-3d14-yudt" }, { "vulnerability": "VCID-m4sn-7wuq-e3cd" }, { "vulnerability": "VCID-pavw-rssx-53cg" }, { "vulnerability": "VCID-vezx-cgbw-zqdp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.14.0-1%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2021-3672" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xdz-dku3-qqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16706?format=api", "vulnerability_id": "VCID-5vh6-usw6-2qhy", "summary": "Improper Input Validation\nA flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37156", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37037", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.3705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37059", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37025", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4904" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/c-ares/c-ares/issues/496", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://github.com/c-ares/c-ares/issues/496" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525", "reference_id": "1031525", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/", "reference_id": "33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904", "reference_id": "CVE-2022-4904", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1582", "reference_id": "RHSA-2023:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1743", "reference_id": "RHSA-2023:1743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1744", "reference_id": "RHSA-2023:1744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2654", "reference_id": "RHSA-2023:2654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2655", "reference_id": "RHSA-2023:2655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6291", "reference_id": "RHSA-2023:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6635", "reference_id": "RHSA-2023:6635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7116", "reference_id": "RHSA-2023:7116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7368", "reference_id": "RHSA-2023:7368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7543", "reference_id": "RHSA-2023:7543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7543" }, { "reference_url": "https://usn.ubuntu.com/5907-1/", "reference_id": "USN-5907-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5907-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2022-4904" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vh6-usw6-2qhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81000?format=api", "vulnerability_id": "VCID-gx39-xzj1-vfb7", "summary": "c-ares: ares_destroy() with pending ares_getaddrinfo() leads to Use-After-Free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14354.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40602", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40715", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40637", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40697", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40679", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4066", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14354" }, { "reference_url": "https://c-ares.haxx.se/changelog.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://c-ares.haxx.se/changelog.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14354" }, { "reference_url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838", "reference_id": "1866838", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14354", "reference_id": "CVE-2020-14354", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14354" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-14354" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gx39-xzj1-vfb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78155?format=api", "vulnerability_id": "VCID-krvu-3d14-yudt", "summary": "c-ares: Heap buffer over read in ares_parse_soa_reply", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30187", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30089", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30179", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30139", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30266", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30084", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30144", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235527", "reference_id": "2235527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235527" }, { "reference_url": "https://github.com/c-ares/c-ares/issues/333", "reference_id": "333", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/" } ], "url": "https://github.com/c-ares/c-ares/issues/333" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html", "reference_id": "msg00014.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7207", "reference_id": "RHSA-2023:7207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0419", "reference_id": "RHSA-2024:0419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0578", "reference_id": "RHSA-2024:0578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0578" }, { "reference_url": "https://usn.ubuntu.com/6376-1/", "reference_id": "USN-6376-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6376-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-22217" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krvu-3d14-yudt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35492?format=api", "vulnerability_id": "VCID-m4sn-7wuq-e3cd", "summary": "A Denial of Service vulnerability was discovered in c-ares.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98233", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98226", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.9823", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98222", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98225", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898554", "reference_id": "1898554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898554" }, { "reference_url": "https://security.archlinux.org/ASA-202011-18", "reference_id": "ASA-202011-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-18" }, { "reference_url": "https://security.archlinux.org/AVG-1280", "reference_id": "AVG-1280", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1280" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277", "reference_id": "CVE-2020-8277", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277" }, { "reference_url": "https://security.gentoo.org/glsa/202012-11", "reference_id": "GLSA-202012-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5305", "reference_id": "RHSA-2020:5305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5499", "reference_id": "RHSA-2020:5499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0421", "reference_id": "RHSA-2021:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0551", "reference_id": "RHSA-2021:0551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0551" }, { "reference_url": "https://usn.ubuntu.com/4638-1/", "reference_id": "USN-4638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-8277" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17723?format=api", "vulnerability_id": "VCID-pavw-rssx-53cg", "summary": "Uncontrolled Resource Consumption\nc-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61263", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61309", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61292", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.6126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61307", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61322", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61342", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61328", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32067" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209502", "reference_id": "2209502", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209502" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32067", "reference_id": "CVE-2023-32067", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32067" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5419", "reference_id": "dsa-5419", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5419" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc", "reference_id": "GHSA-9g78-jv2r-p7vc", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc" }, { "reference_url": "https://security.gentoo.org/glsa/202310-09", "reference_id": "GLSA-202310-09", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0004/", "reference_id": "ntap-20240605-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3559", "reference_id": "RHSA-2023:3559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3577", "reference_id": "RHSA-2023:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3583", "reference_id": "RHSA-2023:3583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3584", "reference_id": "RHSA-2023:3584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3586", "reference_id": "RHSA-2023:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3660", "reference_id": "RHSA-2023:3660", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3660" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3662", "reference_id": "RHSA-2023:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3665", "reference_id": "RHSA-2023:3665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3677", "reference_id": "RHSA-2023:3677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3741", "reference_id": "RHSA-2023:3741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4033", "reference_id": "RHSA-2023:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4034", "reference_id": "RHSA-2023:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4036", "reference_id": "RHSA-2023:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4039", "reference_id": "RHSA-2023:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4039" }, { "reference_url": "https://usn.ubuntu.com/6164-1/", "reference_id": "USN-6164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-1/" }, { "reference_url": "https://usn.ubuntu.com/6164-2/", "reference_id": "USN-6164-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-32067", "GHSA-9g78-jv2r-p7vc" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pavw-rssx-53cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17721?format=api", "vulnerability_id": "VCID-vezx-cgbw-zqdp", "summary": "Buffer Underwrite ('Buffer Underflow')\nc-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular \"0::00:00:00/2\" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31130.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31130.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01782", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01785", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01794", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01784", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067" }, { "reference_url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209497", "reference_id": "2209497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209497" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31130", "reference_id": "CVE-2023-31130", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31130" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5419", "reference_id": "dsa-5419", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5419" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v", "reference_id": "GHSA-x6mf-cxr9-8q6v", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v" }, { "reference_url": "https://security.gentoo.org/glsa/202310-09", "reference_id": "GLSA-202310-09", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0005/", "reference_id": "ntap-20240605-0005", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3577", "reference_id": "RHSA-2023:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3586", "reference_id": "RHSA-2023:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4033", "reference_id": "RHSA-2023:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4034", "reference_id": "RHSA-2023:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4036", "reference_id": "RHSA-2023:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4039", "reference_id": "RHSA-2023:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6635", "reference_id": "RHSA-2023:6635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7207", "reference_id": "RHSA-2023:7207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7392", "reference_id": "RHSA-2023:7392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7392" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7543", "reference_id": "RHSA-2023:7543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7543" }, { "reference_url": "https://usn.ubuntu.com/6164-1/", "reference_id": "USN-6164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-1/" }, { "reference_url": "https://usn.ubuntu.com/6164-2/", "reference_id": "USN-6164-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-31130", "GHSA-x6mf-cxr9-8q6v" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vezx-cgbw-zqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84234?format=api", "vulnerability_id": "VCID-w3cx-2jcp-pyga", "summary": "c-ares: NAPTR parser out of bounds access", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66165", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66239", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66284", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66271", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6625", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463132", "reference_id": "1463132", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463132" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360", "reference_id": "865360", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360" }, { "reference_url": "https://security.archlinux.org/ASA-201707-21", "reference_id": "ASA-201707-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-21" }, { "reference_url": "https://security.archlinux.org/AVG-315", "reference_id": "AVG-315", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2908", "reference_id": "RHSA-2017:2908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2908" }, { "reference_url": "https://usn.ubuntu.com/3395-1/", "reference_id": "USN-3395-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3395-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038089?format=api", "purl": "pkg:deb/debian/c-ares@1.14.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xdz-dku3-qqc4" }, { "vulnerability": "VCID-5vh6-usw6-2qhy" }, { "vulnerability": "VCID-gx39-xzj1-vfb7" }, { "vulnerability": "VCID-krvu-3d14-yudt" }, { "vulnerability": "VCID-m4sn-7wuq-e3cd" }, { "vulnerability": "VCID-pavw-rssx-53cg" }, { "vulnerability": "VCID-vezx-cgbw-zqdp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.14.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-1000381" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3cx-2jcp-pyga" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47188?format=api", "vulnerability_id": "VCID-33wk-w9ez-vyd2", "summary": "A heap-based buffer overflow in c-ares might allow remote attackers\n to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95153", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.9519", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95187", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95166", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95169", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.9518", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380463", "reference_id": "1380463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151", "reference_id": "839151", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151" }, { "reference_url": "https://security.archlinux.org/ASA-201609-31", "reference_id": "ASA-201609-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201609-31" }, { "reference_url": "https://security.archlinux.org/AVG-37", "reference_id": "AVG-37", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-37" }, { "reference_url": "https://security.gentoo.org/glsa/201701-28", "reference_id": "GLSA-201701-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0002", "reference_id": "RHSA-2017:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0002" }, { "reference_url": "https://usn.ubuntu.com/3143-1/", "reference_id": "USN-3143-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3143-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036384?format=api", "purl": "pkg:deb/debian/c-ares@1.10.0-2%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xdz-dku3-qqc4" }, { "vulnerability": "VCID-33wk-w9ez-vyd2" }, { "vulnerability": "VCID-5vh6-usw6-2qhy" }, { "vulnerability": "VCID-gx39-xzj1-vfb7" }, { "vulnerability": "VCID-krvu-3d14-yudt" }, { "vulnerability": "VCID-m4sn-7wuq-e3cd" }, { "vulnerability": "VCID-pavw-rssx-53cg" }, { "vulnerability": "VCID-vezx-cgbw-zqdp" }, { "vulnerability": "VCID-w3cx-2jcp-pyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.10.0-2%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038088?format=api", "purl": "pkg:deb/debian/c-ares@1.12.0-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xdz-dku3-qqc4" }, { "vulnerability": "VCID-5vh6-usw6-2qhy" }, { "vulnerability": "VCID-gx39-xzj1-vfb7" }, { "vulnerability": "VCID-krvu-3d14-yudt" }, { "vulnerability": "VCID-m4sn-7wuq-e3cd" }, { "vulnerability": "VCID-pavw-rssx-53cg" }, { "vulnerability": "VCID-vezx-cgbw-zqdp" }, { "vulnerability": "VCID-w3cx-2jcp-pyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.12.0-1%252Bdeb9u1" } ], "aliases": [ "CVE-2016-5180" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-33wk-w9ez-vyd2" } ], "risk_score": "3.9", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.12.0-1%252Bdeb9u1" }