Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/thunderbird@91.4.1-r0?arch=armv7&distroversion=v3.22&reponame=community

Type apk

Namespace alpine

Name thunderbird

Version 91.4.1-r0

Qualifiers

arch	armv7
distroversion	v3.22
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 91.5.0-r0

Latest_non_vulnerable_version 128.5.0-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1mm2-4b1k-afat

vulnerability_id VCID-1mm2-4b1k-afat

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The olm_session_describe function in Matrix libolm is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44538

reference_id

reference_type

scores

value	0.01416
scoring_system	epss
scoring_elements	0.80586
published_at	2026-04-18T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.80503
published_at	2026-04-01T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.80578
published_at	2026-04-11T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.80564
published_at	2026-04-12T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.80556
published_at	2026-04-13T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.80585
published_at	2026-04-16T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.80509
published_at	2026-04-02T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.80531
published_at	2026-04-04T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.80521
published_at	2026-04-07T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.8055
published_at	2026-04-08T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.8056
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.matrix.org/matrix-org/olm/-/tags
reference_id
reference_type
scores
url	https://gitlab.matrix.org/matrix-org/olm/-/tags

reference_url	https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk
reference_id
reference_type
scores
url	https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001664
reference_id	1001664
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001664

reference_url

https://security.archlinux.org/AVG-2638

reference_id

AVG-2638

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2638

reference_url

https://security.archlinux.org/AVG-2639

reference_id

AVG-2639

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2639

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-44538
reference_id	CVE-2021-44538
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-44538

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-55

reference_id

mfsa2021-55

reference_type

scores

value	none
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-55

reference_url	https://usn.ubuntu.com/5246-1/
reference_id	USN-5246-1
reference_type
scores
url	https://usn.ubuntu.com/5246-1/

reference_url	https://usn.ubuntu.com/5248-1/
reference_id	USN-5248-1
reference_type
scores
url	https://usn.ubuntu.com/5248-1/

fixed_packages

url	pkg:apk/alpine/thunderbird@91.4.1-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/thunderbird@91.4.1-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.4.1-r0%3Farch=armv7&distroversion=v3.22&reponame=community

aliases CVE-2021-44538

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mm2-4b1k-afat

url VCID-pbhu-5gkn-qkb8

vulnerability_id VCID-pbhu-5gkn-qkb8

summary

When receiving an OpenPGP/MIME signed email message that contains an
additional outer MIME message layer, for example a message footer added by a
mailing list gateway, Thunderbird only considered the inner signed message for
the signature validity. This gave the false impression that the additional contents
were also covered by the digital signature. Starting with Thunderbird version 91.4.1,
only the signature that belongs to the top level MIME part will be considered for
the displayed status.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-4126

reference_id

reference_type

scores

value	0.00337
scoring_system	epss
scoring_elements	0.56607
published_at	2026-04-18T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56461
published_at	2026-04-01T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56609
published_at	2026-04-08T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56613
published_at	2026-04-09T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56623
published_at	2026-04-11T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56599
published_at	2026-04-12T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56577
published_at	2026-04-13T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56608
published_at	2026-04-16T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56558
published_at	2026-04-07T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56579
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-4126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-55

reference_id

mfsa2021-55

reference_type

scores

value	none
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-55

reference_url

https://www.mozilla.org/security/advisories/mfsa2021-55/

reference_id

mfsa2021-55

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:36:07Z/

url

https://www.mozilla.org/security/advisories/mfsa2021-55/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1732310

reference_id

show_bug.cgi?id=1732310

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:36:07Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1732310

reference_url	https://usn.ubuntu.com/5246-1/
reference_id	USN-5246-1
reference_type
scores
url	https://usn.ubuntu.com/5246-1/

reference_url	https://usn.ubuntu.com/5248-1/
reference_id	USN-5248-1
reference_type
scores
url	https://usn.ubuntu.com/5248-1/

fixed_packages

url	pkg:apk/alpine/thunderbird@91.4.1-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/thunderbird@91.4.1-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.4.1-r0%3Farch=armv7&distroversion=v3.22&reponame=community

aliases CVE-2021-4126

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbhu-5gkn-qkb8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/thunderbird@91.4.1-r0%3Farch=armv7&distroversion=v3.22&reponame=community

Package Instance