Lookup for vulnerable packages by Package URL.
| Purl | pkg:pypi/codechecker@6.25.1 |
|---|
| Type | pypi |
|---|
| Namespace | |
|---|
| Name | codechecker |
|---|
| Version | 6.25.1 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 6.26.2 |
|---|
| Latest_non_vulnerable_version | 6.26.2 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-6urc-avwv-vbdk |
| vulnerability_id |
VCID-6urc-avwv-vbdk |
| summary |
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command.
This issue affects CodeChecker: through 6.26.1. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-40843, GHSA-5xf2-f6ch-6p8r, PYSEC-2025-100
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6urc-avwv-vbdk |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | 3.5 |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.25.1 |
|---|