Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/584724?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "type": "deb", "namespace": "debian", "name": "c-ares", "version": "1.17.1-1+deb11u3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.34.5-1+deb13u1", "latest_non_vulnerable_version": "1.34.5-1+deb13u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77674?format=api", "vulnerability_id": "VCID-3hy7-94d4-kyev", "summary": "c-ares: Out of bounds read in ares__read_line()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17222", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.174", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17447", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17321", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1738", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17392", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17283", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25629" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713", "reference_id": "2265713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/", "reference_id": "2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/" }, { "reference_url": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183", "reference_id": "a804c04ddc8245fc8adf0e92368709639125e183", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/" } ], "url": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/", "reference_id": "CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q", "reference_id": "GHSA-mg26-v6qh-x48q", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/", "reference_id": "GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T19:18:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2778", "reference_id": "RHSA-2024:2778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2779", "reference_id": "RHSA-2024:2779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2780", "reference_id": "RHSA-2024:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2853", "reference_id": "RHSA-2024:2853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2910", "reference_id": "RHSA-2024:2910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3842", "reference_id": "RHSA-2024:3842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4249", "reference_id": "RHSA-2024:4249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4559", "reference_id": "RHSA-2024:4559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4721", "reference_id": "RHSA-2024:4721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4721" }, { "reference_url": "https://usn.ubuntu.com/6676-1/", "reference_id": "USN-6676-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6676-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584726?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1" } ], "aliases": [ "CVE-2024-25629" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hy7-94d4-kyev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17722?format=api", "vulnerability_id": "VCID-3nsu-sz9r-pkbf", "summary": "Use of Insufficiently Random Values\nc-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31124.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31124.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31124", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22622", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22524", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22664", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22454", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22536", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22605", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22565", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22511", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31124" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/" } ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209494", "reference_id": "2209494", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209494" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31124", "reference_id": "CVE-2023-31124", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31124" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4", "reference_id": "GHSA-54xr-f67r-4pc4", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4" }, { "reference_url": "https://security.gentoo.org/glsa/202310-09", "reference_id": "GLSA-202310-09", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:36:12Z/" } ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3577", "reference_id": "RHSA-2023:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3586", "reference_id": "RHSA-2023:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4033", "reference_id": "RHSA-2023:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4034", "reference_id": "RHSA-2023:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4036", "reference_id": "RHSA-2023:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4039", "reference_id": "RHSA-2023:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6635", "reference_id": "RHSA-2023:6635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6635" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584726?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1" } ], "aliases": [ "CVE-2023-31124", "GHSA-54xr-f67r-4pc4" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nsu-sz9r-pkbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17727?format=api", "vulnerability_id": "VCID-h5yg-sx9b-ska5", "summary": "Use of Insufficiently Random Values\nc-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31147.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25964", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26165", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26002", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26053", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26017", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25958", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31147" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/" } ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209501", "reference_id": "2209501", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31147", "reference_id": "CVE-2023-31147", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31147" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2", "reference_id": "GHSA-8r8p-23f3-64c2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2" }, { "reference_url": "https://security.gentoo.org/glsa/202310-09", "reference_id": "GLSA-202310-09", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:25:39Z/" } ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3577", "reference_id": "RHSA-2023:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3586", "reference_id": "RHSA-2023:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4033", "reference_id": "RHSA-2023:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4034", "reference_id": "RHSA-2023:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4036", "reference_id": "RHSA-2023:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4039", "reference_id": "RHSA-2023:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6635", "reference_id": "RHSA-2023:6635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6635" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584726?format=api", "purl": "pkg:deb/debian/c-ares@1.34.5-1%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.34.5-1%252Bdeb13u1" } ], "aliases": [ "CVE-2023-31147", "GHSA-8r8p-23f3-64c2" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5yg-sx9b-ska5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11629?format=api", "vulnerability_id": "VCID-1xdz-dku3-qqc4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17097", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17358", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17287", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17216", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1731", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988342", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988342" }, { "reference_url": "https://c-ares.haxx.se/adv_20210810.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://c-ares.haxx.se/adv_20210810.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053", "reference_id": "992053", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053" }, { "reference_url": "https://security.archlinux.org/ASA-202108-13", "reference_id": "ASA-202108-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202108-13" }, { "reference_url": "https://security.archlinux.org/AVG-2268", "reference_id": "AVG-2268", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2268" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672", "reference_id": "CVE-2021-3672", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2043", "reference_id": "RHSA-2022:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2043" }, { "reference_url": "https://usn.ubuntu.com/5034-1/", "reference_id": "USN-5034-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5034-1/" }, { "reference_url": "https://usn.ubuntu.com/5034-2/", "reference_id": "USN-5034-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5034-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038089?format=api", "purl": "pkg:deb/debian/c-ares@1.14.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xdz-dku3-qqc4" }, { "vulnerability": "VCID-5vh6-usw6-2qhy" }, { "vulnerability": "VCID-gx39-xzj1-vfb7" }, { "vulnerability": "VCID-krvu-3d14-yudt" }, { "vulnerability": "VCID-m4sn-7wuq-e3cd" }, { "vulnerability": "VCID-pavw-rssx-53cg" }, { "vulnerability": "VCID-vezx-cgbw-zqdp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.14.0-1%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2021-3672" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xdz-dku3-qqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16706?format=api", "vulnerability_id": "VCID-5vh6-usw6-2qhy", "summary": "Improper Input Validation\nA flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37044", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37156", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37037", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.3705", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37059", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37025", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36999", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4904" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/c-ares/c-ares/issues/496", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://github.com/c-ares/c-ares/issues/496" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525", "reference_id": "1031525", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/", "reference_id": "33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904", "reference_id": "CVE-2022-4904", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/" } ], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1582", "reference_id": "RHSA-2023:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1743", "reference_id": "RHSA-2023:1743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1744", "reference_id": "RHSA-2023:1744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2654", "reference_id": "RHSA-2023:2654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2655", "reference_id": "RHSA-2023:2655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6291", "reference_id": "RHSA-2023:6291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6635", "reference_id": "RHSA-2023:6635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7116", "reference_id": "RHSA-2023:7116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7368", "reference_id": "RHSA-2023:7368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7543", "reference_id": "RHSA-2023:7543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7543" }, { "reference_url": "https://usn.ubuntu.com/5907-1/", "reference_id": "USN-5907-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5907-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2022-4904" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vh6-usw6-2qhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81000?format=api", "vulnerability_id": "VCID-gx39-xzj1-vfb7", "summary": "c-ares: ares_destroy() with pending ares_getaddrinfo() leads to Use-After-Free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14354.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40602", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40715", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40637", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40697", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40679", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40705", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14354" }, { "reference_url": "https://c-ares.haxx.se/changelog.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://c-ares.haxx.se/changelog.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14354" }, { "reference_url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://packetstormsecurity.com/files/158755/GS20200804145053.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838", "reference_id": "1866838", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866838" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14354", "reference_id": "CVE-2020-14354", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14354" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-14354" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gx39-xzj1-vfb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78155?format=api", "vulnerability_id": "VCID-krvu-3d14-yudt", "summary": "c-ares: Heap buffer over read in ares_parse_soa_reply", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30187", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30104", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30139", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30089", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30266", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30084", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30144", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30179", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235527", "reference_id": "2235527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235527" }, { "reference_url": "https://github.com/c-ares/c-ares/issues/333", "reference_id": "333", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/" } ], "url": "https://github.com/c-ares/c-ares/issues/333" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html", "reference_id": "msg00014.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7207", "reference_id": "RHSA-2023:7207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0419", "reference_id": "RHSA-2024:0419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0578", "reference_id": "RHSA-2024:0578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0578" }, { "reference_url": "https://usn.ubuntu.com/6376-1/", "reference_id": "USN-6376-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6376-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-22217" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krvu-3d14-yudt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35492?format=api", "vulnerability_id": "VCID-m4sn-7wuq-e3cd", "summary": "A Denial of Service vulnerability was discovered in c-ares.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98238", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.9823", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98233", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98222", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98225", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98226", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898554", "reference_id": "1898554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898554" }, { "reference_url": "https://security.archlinux.org/ASA-202011-18", "reference_id": "ASA-202011-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-18" }, { "reference_url": "https://security.archlinux.org/AVG-1280", "reference_id": "AVG-1280", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1280" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277", "reference_id": "CVE-2020-8277", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277" }, { "reference_url": "https://security.gentoo.org/glsa/202012-11", "reference_id": "GLSA-202012-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5305", "reference_id": "RHSA-2020:5305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5499", "reference_id": "RHSA-2020:5499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0421", "reference_id": "RHSA-2021:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0551", "reference_id": "RHSA-2021:0551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0551" }, { "reference_url": "https://usn.ubuntu.com/4638-1/", "reference_id": "USN-4638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-8277" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17723?format=api", "vulnerability_id": "VCID-pavw-rssx-53cg", "summary": "Uncontrolled Resource Consumption\nc-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61263", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61348", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61292", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.6126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61307", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61322", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61342", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61328", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61309", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32067" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209502", "reference_id": "2209502", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209502" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32067", "reference_id": "CVE-2023-32067", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32067" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5419", "reference_id": "dsa-5419", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5419" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc", "reference_id": "GHSA-9g78-jv2r-p7vc", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc" }, { "reference_url": "https://security.gentoo.org/glsa/202310-09", "reference_id": "GLSA-202310-09", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0004/", "reference_id": "ntap-20240605-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3559", "reference_id": "RHSA-2023:3559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3577", "reference_id": "RHSA-2023:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3583", "reference_id": "RHSA-2023:3583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3584", "reference_id": "RHSA-2023:3584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3586", "reference_id": "RHSA-2023:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3660", "reference_id": "RHSA-2023:3660", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3660" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3662", "reference_id": "RHSA-2023:3662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3665", "reference_id": "RHSA-2023:3665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3677", "reference_id": "RHSA-2023:3677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3741", "reference_id": "RHSA-2023:3741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4033", "reference_id": "RHSA-2023:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4034", "reference_id": "RHSA-2023:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4036", "reference_id": "RHSA-2023:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4039", "reference_id": "RHSA-2023:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4039" }, { "reference_url": "https://usn.ubuntu.com/6164-1/", "reference_id": "USN-6164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-1/" }, { "reference_url": "https://usn.ubuntu.com/6164-2/", "reference_id": "USN-6164-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-32067", "GHSA-9g78-jv2r-p7vc" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pavw-rssx-53cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17721?format=api", "vulnerability_id": "VCID-vezx-cgbw-zqdp", "summary": "Buffer Underwrite ('Buffer Underflow')\nc-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular \"0::00:00:00/2\" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31130.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31130.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0177", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01785", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01794", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01782", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067" }, { "reference_url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209497", "reference_id": "2209497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209497" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31130", "reference_id": "CVE-2023-31130", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31130" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5419", "reference_id": "dsa-5419", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5419" }, { "reference_url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v", "reference_id": "GHSA-x6mf-cxr9-8q6v", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v" }, { "reference_url": "https://security.gentoo.org/glsa/202310-09", "reference_id": "GLSA-202310-09", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://security.gentoo.org/glsa/202310-09" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0005/", "reference_id": "ntap-20240605-0005", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3577", "reference_id": "RHSA-2023:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3586", "reference_id": "RHSA-2023:3586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4033", "reference_id": "RHSA-2023:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4034", "reference_id": "RHSA-2023:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4035", "reference_id": "RHSA-2023:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4036", "reference_id": "RHSA-2023:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4039", "reference_id": "RHSA-2023:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6635", "reference_id": "RHSA-2023:6635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7207", "reference_id": "RHSA-2023:7207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7392", "reference_id": "RHSA-2023:7392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7392" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7543", "reference_id": "RHSA-2023:7543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7543" }, { "reference_url": "https://usn.ubuntu.com/6164-1/", "reference_id": "USN-6164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-1/" }, { "reference_url": "https://usn.ubuntu.com/6164-2/", "reference_id": "USN-6164-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6164-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584724?format=api", "purl": "pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hy7-94d4-kyev" }, { "vulnerability": "VCID-3nsu-sz9r-pkbf" }, { "vulnerability": "VCID-h5yg-sx9b-ska5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-31130", "GHSA-x6mf-cxr9-8q6v" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vezx-cgbw-zqdp" } ], "risk_score": "2.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3" }