Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/newlib@3.3.0-1
Type deb
Namespace debian
Name newlib
Version 3.3.0-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.4.0.20231231-4
Latest_non_vulnerable_version 4.4.0.20231231-4
Affected_by_vulnerabilities
0
url VCID-cztw-ay3e-cfeq
vulnerability_id VCID-cztw-ay3e-cfeq
summary newlib: arbitrary code execution via the time unit scaling in the _gettimeofday function
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30949
reference_id
reference_type
scores
0
value 0.00693
scoring_system epss
scoring_elements 0.71883
published_at 2026-04-21T12:55:00Z
1
value 0.00693
scoring_system epss
scoring_elements 0.71852
published_at 2026-04-13T12:55:00Z
2
value 0.00693
scoring_system epss
scoring_elements 0.71863
published_at 2026-04-09T12:55:00Z
3
value 0.00693
scoring_system epss
scoring_elements 0.71887
published_at 2026-04-11T12:55:00Z
4
value 0.00693
scoring_system epss
scoring_elements 0.71869
published_at 2026-04-12T12:55:00Z
5
value 0.00693
scoring_system epss
scoring_elements 0.71895
published_at 2026-04-16T12:55:00Z
6
value 0.00693
scoring_system epss
scoring_elements 0.719
published_at 2026-04-18T12:55:00Z
7
value 0.00693
scoring_system epss
scoring_elements 0.71821
published_at 2026-04-02T12:55:00Z
8
value 0.00693
scoring_system epss
scoring_elements 0.7184
published_at 2026-04-04T12:55:00Z
9
value 0.00693
scoring_system epss
scoring_elements 0.71813
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30949
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30949
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30949
3
reference_url https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/
reference_id 20231129035714.469943-1-visitorckw%40gmail.com
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/
url https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2306118
reference_id 2306118
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2306118
5
reference_url https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661
reference_id 6b26e599241ea80210ea136b28441661
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/
url https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661
6
reference_url https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4
reference_id ?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/
url https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4
fixed_packages
0
url pkg:deb/debian/newlib@4.4.0.20231231-4
purl pkg:deb/debian/newlib@4.4.0.20231231-4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.4.0.20231231-4
aliases CVE-2024-30949
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cztw-ay3e-cfeq
1
url VCID-pw8g-an3z-jydv
vulnerability_id VCID-pw8g-an3z-jydv
summary A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3420
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33939
published_at 2026-04-13T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33977
published_at 2026-04-16T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.33962
published_at 2026-04-18T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33931
published_at 2026-04-21T12:55:00Z
4
value 0.00181
scoring_system epss
scoring_elements 0.39814
published_at 2026-04-08T12:55:00Z
5
value 0.00181
scoring_system epss
scoring_elements 0.39828
published_at 2026-04-09T12:55:00Z
6
value 0.00181
scoring_system epss
scoring_elements 0.39666
published_at 2026-04-01T12:55:00Z
7
value 0.00181
scoring_system epss
scoring_elements 0.39801
published_at 2026-04-12T12:55:00Z
8
value 0.00181
scoring_system epss
scoring_elements 0.39837
published_at 2026-04-11T12:55:00Z
9
value 0.00181
scoring_system epss
scoring_elements 0.39815
published_at 2026-04-02T12:55:00Z
10
value 0.00181
scoring_system epss
scoring_elements 0.39838
published_at 2026-04-04T12:55:00Z
11
value 0.00181
scoring_system epss
scoring_elements 0.39759
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3420
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446
reference_id 984446
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1
purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1
aliases CVE-2021-3420
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pw8g-an3z-jydv
Fixing_vulnerabilities
0
url VCID-4z5d-zj37-yfcc
vulnerability_id VCID-4z5d-zj37-yfcc
summary The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14871
reference_id
reference_type
scores
0
value 0.00465
scoring_system epss
scoring_elements 0.64393
published_at 2026-04-21T12:55:00Z
1
value 0.00465
scoring_system epss
scoring_elements 0.64391
published_at 2026-04-16T12:55:00Z
2
value 0.00465
scoring_system epss
scoring_elements 0.64402
published_at 2026-04-18T12:55:00Z
3
value 0.00465
scoring_system epss
scoring_elements 0.64276
published_at 2026-04-01T12:55:00Z
4
value 0.00465
scoring_system epss
scoring_elements 0.64334
published_at 2026-04-02T12:55:00Z
5
value 0.00465
scoring_system epss
scoring_elements 0.64363
published_at 2026-04-04T12:55:00Z
6
value 0.00465
scoring_system epss
scoring_elements 0.64321
published_at 2026-04-07T12:55:00Z
7
value 0.00465
scoring_system epss
scoring_elements 0.6437
published_at 2026-04-08T12:55:00Z
8
value 0.00465
scoring_system epss
scoring_elements 0.64384
published_at 2026-04-12T12:55:00Z
9
value 0.00465
scoring_system epss
scoring_elements 0.64397
published_at 2026-04-11T12:55:00Z
10
value 0.00465
scoring_system epss
scoring_elements 0.64355
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14871
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14871
reference_id CVE-2019-14871
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14871
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14871
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4z5d-zj37-yfcc
1
url VCID-6y3x-44kq-wkgt
vulnerability_id VCID-6y3x-44kq-wkgt
summary The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14872
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.61648
published_at 2026-04-21T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.61658
published_at 2026-04-16T12:55:00Z
2
value 0.00414
scoring_system epss
scoring_elements 0.61663
published_at 2026-04-18T12:55:00Z
3
value 0.00414
scoring_system epss
scoring_elements 0.6149
published_at 2026-04-01T12:55:00Z
4
value 0.00414
scoring_system epss
scoring_elements 0.61564
published_at 2026-04-07T12:55:00Z
5
value 0.00414
scoring_system epss
scoring_elements 0.61593
published_at 2026-04-04T12:55:00Z
6
value 0.00414
scoring_system epss
scoring_elements 0.61612
published_at 2026-04-08T12:55:00Z
7
value 0.00414
scoring_system epss
scoring_elements 0.61626
published_at 2026-04-09T12:55:00Z
8
value 0.00414
scoring_system epss
scoring_elements 0.61647
published_at 2026-04-11T12:55:00Z
9
value 0.00414
scoring_system epss
scoring_elements 0.61636
published_at 2026-04-12T12:55:00Z
10
value 0.00414
scoring_system epss
scoring_elements 0.61616
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14872
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14872
reference_id CVE-2019-14872
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14872
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14872
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6y3x-44kq-wkgt
2
url VCID-8y56-twub-8kfu
vulnerability_id VCID-8y56-twub-8kfu
summary In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14876
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.3935
published_at 2026-04-21T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39464
published_at 2026-04-16T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39436
published_at 2026-04-18T12:55:00Z
3
value 0.00178
scoring_system epss
scoring_elements 0.39283
published_at 2026-04-01T12:55:00Z
4
value 0.00178
scoring_system epss
scoring_elements 0.39448
published_at 2026-04-02T12:55:00Z
5
value 0.00178
scoring_system epss
scoring_elements 0.39473
published_at 2026-04-04T12:55:00Z
6
value 0.00178
scoring_system epss
scoring_elements 0.39386
published_at 2026-04-07T12:55:00Z
7
value 0.00178
scoring_system epss
scoring_elements 0.39442
published_at 2026-04-08T12:55:00Z
8
value 0.00178
scoring_system epss
scoring_elements 0.39457
published_at 2026-04-09T12:55:00Z
9
value 0.00178
scoring_system epss
scoring_elements 0.39468
published_at 2026-04-11T12:55:00Z
10
value 0.00178
scoring_system epss
scoring_elements 0.3943
published_at 2026-04-12T12:55:00Z
11
value 0.00178
scoring_system epss
scoring_elements 0.39413
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14876
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14876
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14876
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14876
reference_id CVE-2019-14876
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14876
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14876
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8y56-twub-8kfu
3
url VCID-c26b-vetm-y3ak
vulnerability_id VCID-c26b-vetm-y3ak
summary In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14875
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60782
published_at 2026-04-18T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60735
published_at 2026-04-13T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60778
published_at 2026-04-16T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60605
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-07T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60743
published_at 2026-04-09T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60767
published_at 2026-04-21T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60754
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14875
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14875
reference_id CVE-2019-14875
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14875
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14875
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c26b-vetm-y3ak
4
url VCID-ecf9-k21a-t3c8
vulnerability_id VCID-ecf9-k21a-t3c8
summary In the __multadd function of the newlib libc library, prior to version 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14873
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60782
published_at 2026-04-18T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60735
published_at 2026-04-13T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60778
published_at 2026-04-16T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60605
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-07T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60743
published_at 2026-04-09T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60767
published_at 2026-04-21T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60754
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14873
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14873
reference_id CVE-2019-14873
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14873
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14873
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecf9-k21a-t3c8
5
url VCID-k2zw-2gbs-eugx
vulnerability_id VCID-k2zw-2gbs-eugx
summary In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14878
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.5411
published_at 2026-04-21T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54126
published_at 2026-04-16T12:55:00Z
2
value 0.00309
scoring_system epss
scoring_elements 0.5413
published_at 2026-04-18T12:55:00Z
3
value 0.00309
scoring_system epss
scoring_elements 0.54005
published_at 2026-04-01T12:55:00Z
4
value 0.00309
scoring_system epss
scoring_elements 0.54023
published_at 2026-04-02T12:55:00Z
5
value 0.00309
scoring_system epss
scoring_elements 0.54049
published_at 2026-04-04T12:55:00Z
6
value 0.00309
scoring_system epss
scoring_elements 0.54026
published_at 2026-04-07T12:55:00Z
7
value 0.00309
scoring_system epss
scoring_elements 0.54078
published_at 2026-04-08T12:55:00Z
8
value 0.00309
scoring_system epss
scoring_elements 0.54076
published_at 2026-04-09T12:55:00Z
9
value 0.00309
scoring_system epss
scoring_elements 0.54122
published_at 2026-04-11T12:55:00Z
10
value 0.00309
scoring_system epss
scoring_elements 0.54104
published_at 2026-04-12T12:55:00Z
11
value 0.00309
scoring_system epss
scoring_elements 0.54087
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14878
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14878
reference_id CVE-2019-14878
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14878
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14878
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2zw-2gbs-eugx
6
url VCID-n637-g4ee-tuhz
vulnerability_id VCID-n637-g4ee-tuhz
summary In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14874
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60782
published_at 2026-04-18T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60735
published_at 2026-04-13T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60778
published_at 2026-04-16T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60605
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-07T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60743
published_at 2026-04-09T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60767
published_at 2026-04-21T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60754
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14874
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14874
reference_id CVE-2019-14874
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14874
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14874
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n637-g4ee-tuhz
7
url VCID-nsa5-ccpm-pufk
vulnerability_id VCID-nsa5-ccpm-pufk
summary In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14877
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.5411
published_at 2026-04-21T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54126
published_at 2026-04-16T12:55:00Z
2
value 0.00309
scoring_system epss
scoring_elements 0.5413
published_at 2026-04-18T12:55:00Z
3
value 0.00309
scoring_system epss
scoring_elements 0.54005
published_at 2026-04-01T12:55:00Z
4
value 0.00309
scoring_system epss
scoring_elements 0.54023
published_at 2026-04-02T12:55:00Z
5
value 0.00309
scoring_system epss
scoring_elements 0.54049
published_at 2026-04-04T12:55:00Z
6
value 0.00309
scoring_system epss
scoring_elements 0.54026
published_at 2026-04-07T12:55:00Z
7
value 0.00309
scoring_system epss
scoring_elements 0.54078
published_at 2026-04-08T12:55:00Z
8
value 0.00309
scoring_system epss
scoring_elements 0.54076
published_at 2026-04-09T12:55:00Z
9
value 0.00309
scoring_system epss
scoring_elements 0.54122
published_at 2026-04-11T12:55:00Z
10
value 0.00309
scoring_system epss
scoring_elements 0.54104
published_at 2026-04-12T12:55:00Z
11
value 0.00309
scoring_system epss
scoring_elements 0.54087
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14877
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14877
reference_id CVE-2019-14877
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14877
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14877
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsa5-ccpm-pufk
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1