Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1076495?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "type": "deb", "namespace": "debian", "name": "dnsdist", "version": "2.0.4-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353755?format=api", "vulnerability_id": "VCID-1mgq-74b9-4bcg", "summary": "A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01113", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33595" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33595", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33595" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:40:24Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33595" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mgq-74b9-4bcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353731?format=api", "vulnerability_id": "VCID-744k-b7s7-kbh5", "summary": "A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33599", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00277", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33599" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:50:15Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33599" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-744k-b7s7-kbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353732?format=api", "vulnerability_id": "VCID-7xds-447f-qufr", "summary": "A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33596", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00279", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33596" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33596", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33596" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:43:12Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33596" ], "risk_score": 0.8, "exploitability": "0.5", "weighted_severity": "1.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xds-447f-qufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353745?format=api", "vulnerability_id": "VCID-a65j-y7z3-fudk", "summary": "A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33602", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00235", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33602" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:46:39Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33602" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a65j-y7z3-fudk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353736?format=api", "vulnerability_id": "VCID-afun-gxhy-rbed", "summary": "A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33593", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05546", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33593" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33593", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33593" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:29:04Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33593" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afun-gxhy-rbed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353753?format=api", "vulnerability_id": "VCID-chzq-qej6-rkdq", "summary": "An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33257", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00988", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33257" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html", "reference_id": "powerdns-advisory-2026-05.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/" } ], "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" }, { "reference_url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html", "reference_id": "powerdns-advisory-powerdns-2026-03.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/" } ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33257" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chzq-qej6-rkdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353749?format=api", "vulnerability_id": "VCID-fbsf-bbw7-kyah", "summary": "PRSD detection denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01911", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33597" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:41:11Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33597" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fbsf-bbw7-kyah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353743?format=api", "vulnerability_id": "VCID-nrex-hpxg-ekhs", "summary": "A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33594", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01113", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33594" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33594", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33594" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:36:44Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33594" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrex-hpxg-ekhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353751?format=api", "vulnerability_id": "VCID-pfhu-1qdf-p7d5", "summary": "An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33260", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00988", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33260" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33260", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33260" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html", "reference_id": "powerdns-advisory-2026-05.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/" } ], "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" }, { "reference_url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html", "reference_id": "powerdns-advisory-powerdns-2026-03.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/" } ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33260" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pfhu-1qdf-p7d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353741?format=api", "vulnerability_id": "VCID-qc7c-1d8j-hfha", "summary": "A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33598", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01005", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33598" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:49:38Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33598" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qc7c-1d8j-hfha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353746?format=api", "vulnerability_id": "VCID-ytdy-s1ug-dkh7", "summary": "An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33254", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01103", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33254" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33254", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33254" }, { "reference_url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html", "reference_id": "powerdns-advisory-for-dnsdist-2026-04.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:51:24Z/" } ], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076495?format=api", "purl": "pkg:deb/debian/dnsdist@2.0.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" } ], "aliases": [ "CVE-2026-33254" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ytdy-s1ug-dkh7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1" }