Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/583131?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "type": "deb", "namespace": "debian", "name": "c-ares", "version": "1.17.1-1+deb11u3", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.17.1-1.1", "latest_non_vulnerable_version": "1.34.6-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77674?format=api", "vulnerability_id": "VCID-3hy7-94d4-kyev", "summary": "c-ares: Out of bounds read in ares__read_line()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.174", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17447", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17321", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1738", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17392", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17342", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25629" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713", "reference_id": "2265713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/", "reference_id": "2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/" }, { "reference_url": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183", "reference_id": "a804c04ddc8245fc8adf0e92368709639125e183", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/" } ], "url": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/", "reference_id": "CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q", "reference_id": "GHSA-mg26-v6qh-x48q", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/", "reference_id": "GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2778", "reference_id": "RHSA-2024:2778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2779", "reference_id": "RHSA-2024:2779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2780", "reference_id": "RHSA-2024:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2853", "reference_id": "RHSA-2024:2853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2910", "reference_id": "RHSA-2024:2910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3842", "reference_id": "RHSA-2024:3842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4249", "reference_id": "RHSA-2024:4249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4559", "reference_id": "RHSA-2024:4559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4721", "reference_id": "RHSA-2024:4721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4721" }, { "reference_url": "https://usn.ubuntu.com/6676-1/", "reference_id": "USN-6676-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6676-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921605?format=api", "purl": "pkg:deb/debian/c-ares@1.27.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.27.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-25629" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hy7-94d4-kyev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17722?format=api", "vulnerability_id": "VCID-3nsu-sz9r-pkbf", "summary": "Use of Insufficiently Random Values\nc-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31124.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31124.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31124", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22622", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22511", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22664", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22454", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22536", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22605", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22565", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31124" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/" } ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209494", "reference_id": "2209494", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209494" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31124", "reference_id": "CVE-2023-31124", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31124" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4", "reference_id": "GHSA-54xr-f67r-4pc4", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4" }, { "reference_url": "https://security.gentoo.org/glsa/202310-09", "reference_id": "GLSA-202310-09", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/" } ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3577", "reference_id": "RHSA-2023:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3586", "reference_id": "RHSA-2023:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4033", "reference_id": "RHSA-2023:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4034", "reference_id": "RHSA-2023:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4036", "reference_id": "RHSA-2023:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4039", "reference_id": "RHSA-2023:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6635", "reference_id": "RHSA-2023:6635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6635" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921604?format=api", "purl": "pkg:deb/debian/c-ares@1.19.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.19.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-31124", "GHSA-54xr-f67r-4pc4" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nsu-sz9r-pkbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17727?format=api", "vulnerability_id": "VCID-h5yg-sx9b-ska5", "summary": "Use of Insufficiently Random Values\nc-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31147.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25958", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26165", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26002", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26053", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26017", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31147" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/" } ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209501", "reference_id": "2209501", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31147", "reference_id": "CVE-2023-31147", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31147" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2", "reference_id": "GHSA-8r8p-23f3-64c2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2" }, { "reference_url": "https://security.gentoo.org/glsa/202310-09", "reference_id": "GLSA-202310-09", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/" } ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3577", "reference_id": "RHSA-2023:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3586", "reference_id": "RHSA-2023:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4033", "reference_id": "RHSA-2023:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4034", "reference_id": "RHSA-2023:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4036", "reference_id": "RHSA-2023:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4039", "reference_id": "RHSA-2023:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6635", "reference_id": "RHSA-2023:6635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6635" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921604?format=api", "purl": "pkg:deb/debian/c-ares@1.19.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.19.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-31147", "GHSA-8r8p-23f3-64c2" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5yg-sx9b-ska5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11629?format=api", "vulnerability_id": "VCID-1xdz-dku3-qqc4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17358", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17287", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17216", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988342", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988342" }, { "reference_url": "https://c-ares.haxx.se/adv_20210810.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://c-ares.haxx.se/adv_20210810.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053", "reference_id": "992053", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053" }, { "reference_url": "https://security.archlinux.org/ASA-202108-13", "reference_id": "ASA-202108-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202108-13" }, { "reference_url": "https://security.archlinux.org/AVG-2268", "reference_id": "AVG-2268", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2268" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672", "reference_id": "CVE-2021-3672", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2043", "reference_id": "RHSA-2022:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2043" }, { "reference_url": "https://usn.ubuntu.com/5034-1/", "reference_id": "USN-5034-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5034-1/" }, { "reference_url": "https://usn.ubuntu.com/5034-2/", "reference_id": "USN-5034-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5034-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586358?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586359?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3672" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xdz-dku3-qqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47188?format=api", "vulnerability_id": "VCID-33wk-w9ez-vyd2", "summary": "A heap-based buffer overflow in c-ares might allow remote attackers\n to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95153", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.9519", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95187", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95166", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95169", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.9518", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380463", "reference_id": "1380463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151", "reference_id": "839151", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151" }, { "reference_url": "https://security.archlinux.org/ASA-201609-31", "reference_id": "ASA-201609-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201609-31" }, { "reference_url": "https://security.archlinux.org/AVG-37", "reference_id": "AVG-37", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-37" }, { "reference_url": "https://security.gentoo.org/glsa/201701-28", "reference_id": "GLSA-201701-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0002", "reference_id": "RHSA-2017:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0002" }, { "reference_url": "https://usn.ubuntu.com/3143-1/", "reference_id": "USN-3143-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3143-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583408?format=api", "purl": "pkg:deb/debian/c-ares@1.12.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.12.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-5180" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-33wk-w9ez-vyd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16706?format=api", "vulnerability_id": "VCID-5vh6-usw6-2qhy", "summary": "Improper Input Validation\nA flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37156", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37037", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.3705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37059", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37025", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4904" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/c-ares/c-ares/issues/496", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://github.com/c-ares/c-ares/issues/496" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525", "reference_id": "1031525", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/", "reference_id": "33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904", "reference_id": "CVE-2022-4904", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1582", "reference_id": "RHSA-2023:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1743", "reference_id": "RHSA-2023:1743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1744", "reference_id": "RHSA-2023:1744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2654", "reference_id": "RHSA-2023:2654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2655", "reference_id": "RHSA-2023:2655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6291", "reference_id": "RHSA-2023:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6635", "reference_id": "RHSA-2023:6635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7116", "reference_id": "RHSA-2023:7116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7368", "reference_id": "RHSA-2023:7368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7543", "reference_id": "RHSA-2023:7543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7543" }, { "reference_url": "https://usn.ubuntu.com/5907-1/", "reference_id": "USN-5907-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5907-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586248?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586249?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-4904" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vh6-usw6-2qhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66222?format=api", "vulnerability_id": "VCID-dxnb-c4wc-vqdq", "summary": "c-ares: c-ares: Denial of Service due to query termination after maximum attempts", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62408.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05069", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05097", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05119", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05151", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08303", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08294", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08274", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08255", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62408" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420217", "reference_id": "2420217", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420217" }, { "reference_url": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618", "reference_id": "714bf5675c541bd1e668a8db8e67ce012651e618", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T14:20:03Z/" } ], "url": "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5", "reference_id": "GHSA-jq53-42q6-pqr5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T14:20:03Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5" }, { "reference_url": "https://usn.ubuntu.com/7925-1/", "reference_id": "USN-7925-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7925-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583130?format=api", "purl": "pkg:deb/debian/c-ares@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-62408" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dxnb-c4wc-vqdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81000?format=api", "vulnerability_id": "VCID-gx39-xzj1-vfb7", "summary": "c-ares: ares_destroy() with pending ares_getaddrinfo() leads to Use-After-Free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14354.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40602", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40715", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40637", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40697", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40679", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4066", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14354" }, { "reference_url": "https://c-ares.haxx.se/changelog.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://c-ares.haxx.se/changelog.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14354" }, { "reference_url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838", "reference_id": "1866838", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14354", "reference_id": "CVE-2020-14354", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14354" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585622?format=api", "purl": "pkg:deb/debian/c-ares@1.16.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.16.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14354" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gx39-xzj1-vfb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78155?format=api", "vulnerability_id": "VCID-krvu-3d14-yudt", "summary": "c-ares: Heap buffer over read in ares_parse_soa_reply", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30187", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30089", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30179", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30139", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30266", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30084", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30144", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235527", "reference_id": "2235527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235527" }, { "reference_url": "https://github.com/c-ares/c-ares/issues/333", "reference_id": "333", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/" } ], "url": "https://github.com/c-ares/c-ares/issues/333" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html", "reference_id": "msg00014.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7207", "reference_id": "RHSA-2023:7207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0419", "reference_id": "RHSA-2024:0419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0578", "reference_id": "RHSA-2024:0578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0578" }, { "reference_url": "https://usn.ubuntu.com/6376-1/", "reference_id": "USN-6376-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6376-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586605?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-22217" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krvu-3d14-yudt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70437?format=api", "vulnerability_id": "VCID-kvkw-we2b-zbdn", "summary": "c-ares: c-ares has a use-after-free in read_answers()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69914", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69966", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69929", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69907", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69954", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69971", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71334", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-31498" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358271", "reference_id": "2358271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358271" }, { "reference_url": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1", "reference_id": "29d38719112639d8c0ba910254a3dd4f482ea2d1", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:40:21Z/" } ], "url": "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1" }, { "reference_url": "https://github.com/c-ares/c-ares/pull/821", "reference_id": "821", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:40:21Z/" } ], "url": "https://github.com/c-ares/c-ares/pull/821" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v", "reference_id": "GHSA-6hxc-62jh-p29v", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:40:21Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4459", "reference_id": "RHSA-2025:4459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4461", "reference_id": "RHSA-2025:4461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7426", "reference_id": "RHSA-2025:7426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7433", "reference_id": "RHSA-2025:7433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7502", "reference_id": "RHSA-2025:7502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7537", "reference_id": "RHSA-2025:7537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7537" }, { "reference_url": "https://usn.ubuntu.com/7477-1/", "reference_id": "USN-7477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583130?format=api", "purl": "pkg:deb/debian/c-ares@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583133?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-31498" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvkw-we2b-zbdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35492?format=api", "vulnerability_id": "VCID-m4sn-7wuq-e3cd", "summary": "A Denial of Service vulnerability was discovered in c-ares.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98233", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98226", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.9823", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98222", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98225", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898554", "reference_id": "1898554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898554" }, { "reference_url": "https://security.archlinux.org/ASA-202011-18", "reference_id": "ASA-202011-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-18" }, { "reference_url": "https://security.archlinux.org/AVG-1280", "reference_id": "AVG-1280", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1280" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277", "reference_id": "CVE-2020-8277", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277" }, { "reference_url": "https://security.gentoo.org/glsa/202012-11", "reference_id": "GLSA-202012-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5305", "reference_id": "RHSA-2020:5305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5499", "reference_id": "RHSA-2020:5499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0421", "reference_id": "RHSA-2021:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0551", "reference_id": "RHSA-2021:0551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0551" }, { "reference_url": "https://usn.ubuntu.com/4638-1/", "reference_id": "USN-4638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586605?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8277" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17723?format=api", "vulnerability_id": "VCID-pavw-rssx-53cg", "summary": "Uncontrolled Resource Consumption\nc-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61263", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61309", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61292", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.6126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61307", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61322", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61342", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61328", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32067" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209502", "reference_id": "2209502", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209502" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32067", "reference_id": "CVE-2023-32067", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32067" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5419", "reference_id": "dsa-5419", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5419" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc", "reference_id": "GHSA-9g78-jv2r-p7vc", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc" }, { "reference_url": "https://security.gentoo.org/glsa/202310-09", "reference_id": "GLSA-202310-09", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0004/", "reference_id": "ntap-20240605-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3559", "reference_id": "RHSA-2023:3559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3577", "reference_id": "RHSA-2023:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3583", "reference_id": "RHSA-2023:3583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3584", "reference_id": "RHSA-2023:3584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3586", "reference_id": "RHSA-2023:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3660", "reference_id": "RHSA-2023:3660", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3660" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3662", "reference_id": "RHSA-2023:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3665", "reference_id": "RHSA-2023:3665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3677", "reference_id": "RHSA-2023:3677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3741", "reference_id": "RHSA-2023:3741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4033", "reference_id": "RHSA-2023:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4034", "reference_id": "RHSA-2023:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4036", "reference_id": "RHSA-2023:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4039", "reference_id": "RHSA-2023:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4039" }, { "reference_url": "https://usn.ubuntu.com/6164-1/", "reference_id": "USN-6164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-1/" }, { "reference_url": "https://usn.ubuntu.com/6164-2/", "reference_id": "USN-6164-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-32067", "GHSA-9g78-jv2r-p7vc" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pavw-rssx-53cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17721?format=api", "vulnerability_id": "VCID-vezx-cgbw-zqdp", "summary": "Buffer Underwrite ('Buffer Underflow')\nc-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular \"0::00:00:00/2\" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31130.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31130.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01782", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01785", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01794", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01784", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067" }, { "reference_url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209497", "reference_id": "2209497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209497" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31130", "reference_id": "CVE-2023-31130", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31130" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5419", "reference_id": "dsa-5419", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5419" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v", "reference_id": "GHSA-x6mf-cxr9-8q6v", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v" }, { "reference_url": "https://security.gentoo.org/glsa/202310-09", "reference_id": "GLSA-202310-09", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0005/", "reference_id": "ntap-20240605-0005", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3577", "reference_id": "RHSA-2023:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3586", "reference_id": "RHSA-2023:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4033", "reference_id": "RHSA-2023:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4034", "reference_id": "RHSA-2023:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4036", "reference_id": "RHSA-2023:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4039", "reference_id": "RHSA-2023:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6635", "reference_id": "RHSA-2023:6635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7207", "reference_id": "RHSA-2023:7207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7392", "reference_id": "RHSA-2023:7392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7392" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7543", "reference_id": "RHSA-2023:7543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7543" }, { "reference_url": "https://usn.ubuntu.com/6164-1/", "reference_id": "USN-6164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-1/" }, { "reference_url": "https://usn.ubuntu.com/6164-2/", "reference_id": "USN-6164-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-31130", "GHSA-x6mf-cxr9-8q6v" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vezx-cgbw-zqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84234?format=api", "vulnerability_id": "VCID-w3cx-2jcp-pyga", "summary": "c-ares: NAPTR parser out of bounds access", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66165", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66239", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66284", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66271", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6625", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463132", "reference_id": "1463132", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463132" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360", "reference_id": "865360", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360" }, { "reference_url": "https://security.archlinux.org/ASA-201707-21", "reference_id": "ASA-201707-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-21" }, { "reference_url": "https://security.archlinux.org/AVG-315", "reference_id": "AVG-315", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2908", "reference_id": "RHSA-2017:2908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2908" }, { "reference_url": "https://usn.ubuntu.com/3395-1/", "reference_id": "USN-3395-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3395-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586806?format=api", "purl": "pkg:deb/debian/c-ares@1.12.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.12.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583131?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583132?format=api", "purl": "pkg:deb/debian/c-ares@1.18.1-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.18.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583134?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583135?format=api", "purl": "pkg:deb/debian/c-ares@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.6-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000381" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3cx-2jcp-pyga" } ], "risk_score": "2.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3%3Fdistro=trixie" }