Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/363142?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "type": "apk", "namespace": "alpine", "name": "binutils", "version": "2.30-r6", "qualifiers": { "arch": "ppc64le", "distroversion": "v3.8", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60668?format=api", "vulnerability_id": "VCID-3pmm-rx2y-wbf9", "summary": "The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6759.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6759.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6759", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39521", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39607", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39555", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39611", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39584", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543244", "reference_id": "1543244", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543244" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" } ], "aliases": [ "CVE-2018-6759" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3pmm-rx2y-wbf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60670?format=api", "vulnerability_id": "VCID-68jq-e71y-c3bb", "summary": "In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7208.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7208.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4209", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42165", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42112", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42175", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42147", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7208", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7208" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546622", "reference_id": "1546622", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546622" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3032", "reference_id": "RHSA-2018:3032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3032" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" } ], "aliases": [ "CVE-2018-7208" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-68jq-e71y-c3bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60672?format=api", "vulnerability_id": "VCID-8a9a-h9tq-wkev", "summary": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7569.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7569.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7569", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5595", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56005", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55982", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56011", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55998", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7569" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551778", "reference_id": "1551778", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551778" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3032", "reference_id": "RHSA-2018:3032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3032" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" } ], "aliases": [ "CVE-2018-7569" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8a9a-h9tq-wkev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60669?format=api", "vulnerability_id": "VCID-a27p-sf1w-f7cp", "summary": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6872.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6872.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41777", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41853", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41799", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41863", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41834", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6872" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543969", "reference_id": "1543969", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543969" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" } ], "aliases": [ "CVE-2018-6872" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a27p-sf1w-f7cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60675?format=api", "vulnerability_id": "VCID-favd-63pg-57e5", "summary": "The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7643.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7643.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7643", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48896", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48957", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48918", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48966", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48948", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7643" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7643", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7643" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553119", "reference_id": "1553119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553119" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3032", "reference_id": "RHSA-2018:3032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3032" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" } ], "aliases": [ "CVE-2018-7643" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-favd-63pg-57e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60671?format=api", "vulnerability_id": "VCID-ktd3-3f5j-ekf8", "summary": "The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7568.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7568.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7568", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.3816", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38249", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38195", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38252", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38225", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7568" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551771", "reference_id": "1551771", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551771" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3032", "reference_id": "RHSA-2018:3032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3032" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" } ], "aliases": [ "CVE-2018-7568" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktd3-3f5j-ekf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60676?format=api", "vulnerability_id": "VCID-q98v-hju5-efhk", "summary": "The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8945.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8945.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5595", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56005", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55982", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56011", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55998", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8945" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560827", "reference_id": "1560827", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560827" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3032", "reference_id": "RHSA-2018:3032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3032" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" } ], "aliases": [ "CVE-2018-8945" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q98v-hju5-efhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60673?format=api", "vulnerability_id": "VCID-ygqj-13dh-x3by", "summary": "The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7570.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7570.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63561", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63604", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.6359", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63611", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63602", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7570" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551785", "reference_id": "1551785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551785" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" } ], "aliases": [ "CVE-2018-7570" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygqj-13dh-x3by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60674?format=api", "vulnerability_id": "VCID-yma6-h8m7-byad", "summary": "The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7642.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7642.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7642", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44082", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44151", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44097", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44159", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44134", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7642" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7642", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7642" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553115", "reference_id": "1553115", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553115" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3032", "reference_id": "RHSA-2018:3032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3032" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" } ], "aliases": [ "CVE-2018-7642" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yma6-h8m7-byad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60667?format=api", "vulnerability_id": "VCID-zy2f-sye6-73b1", "summary": "In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6543.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6543.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34769", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34865", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.3481", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34883", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34847", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6543" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6543", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6543" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542275", "reference_id": "1542275", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542275" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" }, { "reference_url": "https://usn.ubuntu.com/6413-1/", "reference_id": "USN-6413-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6413-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/363142?format=api", "purl": "pkg:apk/alpine/binutils@2.30-r6?arch=ppc64le&distroversion=v3.8&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" } ], "aliases": [ "CVE-2018-6543" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy2f-sye6-73b1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/binutils@2.30-r6%3Farch=ppc64le&distroversion=v3.8&reponame=main" }