Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/517596?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/517596?format=api", "purl": "pkg:deb/debian/apr-util@1.3.9%2Bdfsg-5", "type": "deb", "namespace": "debian", "name": "apr-util", "version": "1.3.9+dfsg-5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.6.1-5+deb11u1", "latest_non_vulnerable_version": "1.6.1-5+deb11u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58717?format=api", "vulnerability_id": "VCID-dsmr-qb7w-uucb", "summary": "Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25147.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18757", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18833", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18835", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25147" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169652", "reference_id": "2169652", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3109", "reference_id": "RHSA-2023:3109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3145", "reference_id": "RHSA-2023:3145", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3145" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3146", "reference_id": "RHSA-2023:3146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3147", "reference_id": "RHSA-2023:3147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3177", "reference_id": "RHSA-2023:3177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3178", "reference_id": "RHSA-2023:3178", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3178" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", 
"reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3360", "reference_id": "RHSA-2023:3360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3380", "reference_id": "RHSA-2023:3380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3380" }, { "reference_url": "https://usn.ubuntu.com/5870-1/", "reference_id": "USN-5870-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5870-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921576?format=api", "purl": "pkg:deb/debian/apr-util@1.6.1-5%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr-util@1.6.1-5%252Bdeb11u1" } ], "aliases": [ "CVE-2022-25147" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dsmr-qb7w-uucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58716?format=api", "vulnerability_id": "VCID-syc1-pm1k-4ucv", "summary": "Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. 
A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76392", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76394", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76364", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.4", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:M/C:N/I:N/A:P" }, { "value": "2.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506532", "reference_id": "1506532", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506532" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996", "reference_id": "879996", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996" }, { "reference_url": "https://security.archlinux.org/ASA-201710-33", "reference_id": "ASA-201710-33", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-33" }, { "reference_url": "https://security.archlinux.org/AVG-468", "reference_id": "AVG-468", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-468" }, { "reference_url": "https://usn.ubuntu.com/5737-1/", "reference_id": "USN-5737-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5737-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517600?format=api", "purl": "pkg:deb/debian/apr-util@1.6.1-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dsmr-qb7w-uucb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr-util@1.6.1-4" } ], "aliases": [ "CVE-2017-12618" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syc1-pm1k-4ucv" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51007?format=api", "vulnerability_id": "VCID-2zx1-eaw8-kfgd", "summary": "A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. 
A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1955.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1955.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.85119", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.85144", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.85149", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1955" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555", "reference_id": "504555", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-1955.json", "reference_id": "CVE-2009-1955", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-1955.json" }, { "reference_url": "https://security.gentoo.org/glsa/200907-03", "reference_id": "GLSA-200907-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200907-03" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8842.pl", "reference_id": 
"OSVDB-55057;CVE-2009-1955", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8842.pl" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1107", "reference_id": "RHSA-2009:1107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1108", "reference_id": "RHSA-2009:1108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1160", "reference_id": "RHSA-2009:1160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1160" }, { "reference_url": "https://usn.ubuntu.com/786-1/", "reference_id": "USN-786-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/786-1/" }, { "reference_url": "https://usn.ubuntu.com/787-1/", "reference_id": "USN-787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517596?format=api", "purl": "pkg:deb/debian/apr-util@1.3.9%2Bdfsg-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dsmr-qb7w-uucb" }, { "vulnerability": "VCID-syc1-pm1k-4ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr-util@1.3.9%252Bdfsg-5" } ], "aliases": [ "CVE-2009-1955" ], "risk_score": 9.6, "exploitability": "2.0", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2zx1-eaw8-kfgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51002?format=api", "vulnerability_id": "VCID-5275-kg9r-n7a2", "summary": "A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. 
An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94627", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94636", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928", "reference_id": "503928", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-0023.json", "reference_id": "CVE-2009-0023", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-0023.json" }, { "reference_url": "https://security.gentoo.org/glsa/200907-03", "reference_id": "GLSA-200907-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200907-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1107", "reference_id": "RHSA-2009:1107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1107" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2009:1108", "reference_id": "RHSA-2009:1108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1160", "reference_id": "RHSA-2009:1160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1160" }, { "reference_url": "https://usn.ubuntu.com/786-1/", "reference_id": "USN-786-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/786-1/" }, { "reference_url": "https://usn.ubuntu.com/787-1/", "reference_id": "USN-787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517596?format=api", "purl": "pkg:deb/debian/apr-util@1.3.9%2Bdfsg-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dsmr-qb7w-uucb" }, { "vulnerability": "VCID-syc1-pm1k-4ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr-util@1.3.9%252Bdfsg-5" } ], "aliases": [ "CVE-2009-0023" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5275-kg9r-n7a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51020?format=api", "vulnerability_id": "VCID-e8cs-fvsy-b7dd", "summary": "A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. 
A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1623.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1623.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.28285", "scoring_system": "epss", "scoring_elements": "0.96591", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.28285", "scoring_system": "epss", "scoring_elements": "0.96594", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.28285", "scoring_system": "epss", "scoring_elements": "0.96599", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=640281", "reference_id": "640281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640281" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2010-1623.json", "reference_id": "CVE-2010-1623", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2010-1623.json" }, { "reference_url": "https://security.gentoo.org/glsa/201405-24", "reference_id": "GLSA-201405-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0950", "reference_id": "RHSA-2010:0950", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0950" }, { "reference_url": "https://usn.ubuntu.com/1021-1/", "reference_id": "USN-1021-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1021-1/" }, { "reference_url": "https://usn.ubuntu.com/1022-1/", "reference_id": "USN-1022-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1022-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517596?format=api", "purl": "pkg:deb/debian/apr-util@1.3.9%2Bdfsg-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dsmr-qb7w-uucb" }, { "vulnerability": "VCID-syc1-pm1k-4ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr-util@1.3.9%252Bdfsg-5" } ], "aliases": [ "CVE-2010-1623" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8cs-fvsy-b7dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51009?format=api", "vulnerability_id": "VCID-g837-8mzy-h3be", "summary": "A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. 
The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2412.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2412.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07751", "scoring_system": "epss", "scoring_elements": "0.92088", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07751", "scoring_system": "epss", "scoring_elements": "0.921", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07751", "scoring_system": "epss", "scoring_elements": "0.92097", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2412" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698", "reference_id": "515698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-2412.json", "reference_id": "CVE-2009-2412", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-2412.json" }, { "reference_url": "https://security.gentoo.org/glsa/200909-03", "reference_id": "GLSA-200909-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200909-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1204", "reference_id": 
"RHSA-2009:1204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1205", "reference_id": "RHSA-2009:1205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1462", "reference_id": "RHSA-2009:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1462" }, { "reference_url": "https://usn.ubuntu.com/813-1/", "reference_id": "USN-813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/813-1/" }, { "reference_url": "https://usn.ubuntu.com/813-2/", "reference_id": "USN-813-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/813-2/" }, { "reference_url": "https://usn.ubuntu.com/813-3/", "reference_id": "USN-813-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/813-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517596?format=api", "purl": "pkg:deb/debian/apr-util@1.3.9%2Bdfsg-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dsmr-qb7w-uucb" }, { "vulnerability": "VCID-syc1-pm1k-4ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr-util@1.3.9%252Bdfsg-5" } ], "aliases": [ "CVE-2009-2412" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g837-8mzy-h3be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51008?format=api", "vulnerability_id": "VCID-r9vj-qa89-hqan", "summary": "An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. 
An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90307", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90323", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90321", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1956" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390", "reference_id": "504390", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-1956.json", "reference_id": "CVE-2009-1956", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-1956.json" }, { "reference_url": "https://security.gentoo.org/glsa/200907-03", "reference_id": "GLSA-200907-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200907-03" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2009:1107", "reference_id": "RHSA-2009:1107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1108", "reference_id": "RHSA-2009:1108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1108" }, { "reference_url": "https://usn.ubuntu.com/786-1/", "reference_id": "USN-786-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/786-1/" }, { "reference_url": "https://usn.ubuntu.com/787-1/", "reference_id": "USN-787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517596?format=api", "purl": "pkg:deb/debian/apr-util@1.3.9%2Bdfsg-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dsmr-qb7w-uucb" }, { "vulnerability": "VCID-syc1-pm1k-4ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr-util@1.3.9%252Bdfsg-5" } ], "aliases": [ "CVE-2009-1956" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9vj-qa89-hqan" } ], "risk_score": "3.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr-util@1.3.9%252Bdfsg-5" }