Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/585166?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/585166?format=api", "purl": "pkg:deb/debian/dnsjava@2.1.8-2", "type": "deb", "namespace": "debian", "name": "dnsjava", "version": "2.1.8-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.6.2-2", "latest_non_vulnerable_version": "3.6.2-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61411?format=api", "vulnerability_id": "VCID-66sa-bc5p-jqde", "summary": "Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50387.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50387.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51989", "scoring_system": "epss", "scoring_elements": "0.97913", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.51989", "scoring_system": "epss", "scoring_elements": "0.97912", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.51989", "scoring_system": "epss", "scoring_elements": "0.97909", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.51989", "scoring_system": "epss", "scoring_elements": "0.97898", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.51989", "scoring_system": "epss", "scoring_elements": "0.97906", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.51989", "scoring_system": "epss", "scoring_elements": "0.97901", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.51989", "scoring_system": "epss", "scoring_elements": "0.97896", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.51989", "scoring_system": "epss", "scoring_elements": "0.97914", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "reference_id": "017430.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845", "reference_id": "1063845", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852", "reference_id": "1063852", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077750", "reference_id": "1077750", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077750" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "reference_url": "https://www.isc.org/blogs/2024-bind-security-release/", "reference_id": "2024-bind-security-release", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263914", "reference_id": "2263914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263914" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/16/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "reference_id": "6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "reference_id": "BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "reference_url": "https://kb.isc.org/docs/cve-2023-50387", "reference_id": "cve-2023-50387", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-50387", "reference_id": "CVE-2023-50387", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "reference_id": "CVE-2023-50387", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "reference_url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/", "reference_id": "dnssec_vulnerability_internet", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" }, { "reference_url": "https://security.gentoo.org/glsa/202412-10", "reference_id": "GLSA-202412-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-10" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "reference_id": "HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "reference_id": "IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "reference_url": "https://news.ycombinator.com/item?id=39367411", "reference_id": "item?id=39367411", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://news.ycombinator.com/item?id=39367411" }, { "reference_url": "https://news.ycombinator.com/item?id=39372384", "reference_id": "item?id=39372384", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://news.ycombinator.com/item?id=39372384" }, { "reference_url": "https://www.athene-center.de/aktuelles/key-trap", "reference_id": "key-trap", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "reference_url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "reference_id": "keytrap-dns-attack-could-disable-large-parts-of-internet-researchers", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "reference_id": "msg00011.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0007/", "reference_id": "ntap-20240307-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "reference_id": "PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "reference_url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "reference_id": "powerdns-advisory-2024-01.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "reference_id": "RGS7JN6FZXUSTC2XKQHH27574XOULYYJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0965", "reference_id": "RHSA-2024:0965", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0977", "reference_id": "RHSA-2024:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0981", "reference_id": "RHSA-2024:0981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0982", "reference_id": "RHSA-2024:0982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11003", "reference_id": "RHSA-2024:11003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1334", "reference_id": "RHSA-2024:1334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1335", "reference_id": "RHSA-2024:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1522", "reference_id": "RHSA-2024:1522", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1522" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1543", "reference_id": "RHSA-2024:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1544", "reference_id": "RHSA-2024:1544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1545", "reference_id": "RHSA-2024:1545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1647", "reference_id": "RHSA-2024:1647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1648", "reference_id": "RHSA-2024:1648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1781", "reference_id": "RHSA-2024:1781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1782", "reference_id": "RHSA-2024:1782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1789", "reference_id": "RHSA-2024:1789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1800", "reference_id": "RHSA-2024:1800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1801", "reference_id": "RHSA-2024:1801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1803", "reference_id": "RHSA-2024:1803", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1803" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1804", "reference_id": "RHSA-2024:1804", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2551", "reference_id": "RHSA-2024:2551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2587", "reference_id": "RHSA-2024:2587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2696", "reference_id": "RHSA-2024:2696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2720", "reference_id": "RHSA-2024:2720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2721", "reference_id": "RHSA-2024:2721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2821", "reference_id": "RHSA-2024:2821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2890", "reference_id": "RHSA-2024:2890", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3271", "reference_id": "RHSA-2024:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3741", "reference_id": "RHSA-2024:3741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3877", "reference_id": "RHSA-2024:3877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3929", "reference_id": "RHSA-2024:3929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0039", "reference_id": "RHSA-2025:0039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0039" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "reference_id": "show_bug.cgi?id=1219823", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "reference_id": "SVYA42BLXUCIDLD35YIJPJSHDIADNYMP", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "reference_url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "reference_id": "Technical_Report_KeyTrap.pdf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "reference_id": "TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "reference_url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "reference_id": "unbound-1.19.1-released", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "reference_id": "UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "reference_url": "https://usn.ubuntu.com/6633-1/", "reference_id": "USN-6633-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6633-1/" }, { "reference_url": "https://usn.ubuntu.com/6642-1/", "reference_id": "USN-6642-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6642-1/" }, { "reference_url": "https://usn.ubuntu.com/6657-1/", "reference_id": "USN-6657-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6657-1/" }, { "reference_url": "https://usn.ubuntu.com/6657-2/", "reference_id": "USN-6657-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6657-2/" }, { "reference_url": "https://usn.ubuntu.com/6665-1/", "reference_id": "USN-6665-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6665-1/" }, { "reference_url": "https://usn.ubuntu.com/6723-1/", "reference_id": "USN-6723-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6723-1/" }, { "reference_url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "reference_id": "v5.7.1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "reference_id": "ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585167?format=api", "purl": "pkg:deb/debian/dnsjava@3.6.2-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsjava@3.6.2-2" } ], "aliases": [ "CVE-2023-50387" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66sa-bc5p-jqde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61412?format=api", "vulnerability_id": "VCID-vprj-j7u6-zbe7", "summary": "Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50868.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50868.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11802", "scoring_system": "epss", "scoring_elements": "0.93712", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11802", "scoring_system": "epss", "scoring_elements": "0.93708", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11802", "scoring_system": "epss", "scoring_elements": "0.93706", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11802", "scoring_system": "epss", "scoring_elements": "0.93696", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11802", "scoring_system": "epss", "scoring_elements": "0.93684", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11802", "scoring_system": "epss", "scoring_elements": "0.93713", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11802", "scoring_system": "epss", "scoring_elements": "0.93694", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "reference_id": "017430.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845", "reference_id": "1063845", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852", "reference_id": "1063852", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077751", "reference_id": "1077751", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077751" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "reference_url": "https://www.isc.org/blogs/2024-bind-security-release/", "reference_id": "2024-bind-security-release", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263917", "reference_id": "2263917", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263917" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/16/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "reference_id": "6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "reference_id": "BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "reference_url": "https://kb.isc.org/docs/cve-2023-50868", "reference_id": "cve-2023-50868", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://kb.isc.org/docs/cve-2023-50868" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-50868", "reference_id": "CVE-2023-50868", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-50868" }, { "reference_url": "https://security.gentoo.org/glsa/202412-10", "reference_id": "GLSA-202412-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-10" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "reference_id": "HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "reference_id": "IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "reference_id": "msg00011.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0008/", "reference_id": "ntap-20240307-0008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0008/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "reference_id": "PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "reference_url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "reference_id": "powerdns-advisory-2024-01.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "reference_url": "https://datatracker.ietf.org/doc/html/rfc5155", "reference_id": "rfc5155", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://datatracker.ietf.org/doc/html/rfc5155" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "reference_id": "RGS7JN6FZXUSTC2XKQHH27574XOULYYJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0965", "reference_id": "RHSA-2024:0965", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0977", "reference_id": "RHSA-2024:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0981", "reference_id": "RHSA-2024:0981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0982", "reference_id": "RHSA-2024:0982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11003", "reference_id": "RHSA-2024:11003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1334", "reference_id": "RHSA-2024:1334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1335", "reference_id": "RHSA-2024:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1522", "reference_id": "RHSA-2024:1522", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1522" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1543", "reference_id": "RHSA-2024:1543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1544", "reference_id": "RHSA-2024:1544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1545", "reference_id": "RHSA-2024:1545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1647", "reference_id": "RHSA-2024:1647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1648", "reference_id": "RHSA-2024:1648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1781", "reference_id": "RHSA-2024:1781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1782", "reference_id": "RHSA-2024:1782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1789", "reference_id": "RHSA-2024:1789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1800", "reference_id": "RHSA-2024:1800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1801", "reference_id": "RHSA-2024:1801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1803", "reference_id": "RHSA-2024:1803", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1803" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1804", "reference_id": "RHSA-2024:1804", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2551", "reference_id": "RHSA-2024:2551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2587", "reference_id": "RHSA-2024:2587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2696", "reference_id": "RHSA-2024:2696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2720", "reference_id": "RHSA-2024:2720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2721", "reference_id": "RHSA-2024:2721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2821", "reference_id": "RHSA-2024:2821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2890", "reference_id": "RHSA-2024:2890", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3271", "reference_id": "RHSA-2024:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3741", "reference_id": "RHSA-2024:3741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3877", "reference_id": "RHSA-2024:3877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3929", "reference_id": "RHSA-2024:3929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0039", "reference_id": "RHSA-2025:0039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0039" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1219826", "reference_id": "show_bug.cgi?id=1219826", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219826" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "reference_id": "SVYA42BLXUCIDLD35YIJPJSHDIADNYMP", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "reference_id": "TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "reference_url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "reference_id": "unbound-1.19.1-released", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "reference_id": "UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "reference_url": "https://usn.ubuntu.com/6633-1/", "reference_id": "USN-6633-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6633-1/" }, { "reference_url": "https://usn.ubuntu.com/6642-1/", "reference_id": "USN-6642-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6642-1/" }, { "reference_url": "https://usn.ubuntu.com/6657-1/", "reference_id": "USN-6657-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6657-1/" }, { "reference_url": "https://usn.ubuntu.com/6657-2/", "reference_id": "USN-6657-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6657-2/" }, { "reference_url": "https://usn.ubuntu.com/6665-1/", "reference_id": "USN-6665-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6665-1/" }, { "reference_url": "https://usn.ubuntu.com/6723-1/", "reference_id": "USN-6723-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6723-1/" }, { "reference_url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "reference_id": "v5.7.1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "reference_id": "ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585167?format=api", "purl": "pkg:deb/debian/dnsjava@3.6.2-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsjava@3.6.2-2" } ], "aliases": [ "CVE-2023-50868" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vprj-j7u6-zbe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17690?format=api", "vulnerability_id": "VCID-wx5x-pkdb-sbgt", "summary": "DNSJava DNSSEC Bypass\n### Summary\n\nRecords in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones.\n\n### Details\n\nDNS Messages are not authenticated. They do not guarantee that\n\n- received RRs are authentic\n- not received RRs do not exist\n- all or any received records in a response relate to the request\n\nApplications utilizing DNSSEC generally expect these guarantees to be met, however DNSSEC by itself only guarantees the first two.\nTo meet the third guarantee, resolvers generally follow an (undocumented, as far as RFCs go) algorithm such as: (simplified, e.g. lacks DNSSEC validation!)\n\n1. denote by `QNAME` the name you are querying (e.g. fraunhofer.de.), and initialize a list of aliases\n2. if the ANSWER section contains a valid PTR RRSet for `QNAME`, return it (and optionally return the list of aliases as well)\n3. if the ANSWER section contains a valid CNAME RRSet for `QNAME`, add it to the list of aliases. Set `QNAME` to the CNAME's target and go to 2.\n4. Verify that `QNAME` does not have any PTR, CNAME and DNAME records using valid NSEC or NSEC3 records. Return `null`.\n\nNote that this algorithm relies on NSEC records and thus requires a considerable portion of the DNSSEC specifications to be implemented. For this reason, it cannot be performed by a DNS client (aka application) and is typically performed as part of the resolver logic.\n\ndnsjava does not implement a comparable algorithm, and the provided APIs instead return either\n\n- the received DNS message itself (e.g. when using a ValidatingResolver such as in [this](https://github.com/dnsjava/dnsjava/blob/master/EXAMPLES.md#dnssec-resolver) example), or\n- essentially just the contents of its ANSWER section (e.g. when using a LookupSession such as in [this](https://github.com/dnsjava/dnsjava/blob/master/EXAMPLES.md#simple-lookup-with-a-resolver) example)\n\nIf applications blindly filter the received results for RRs of the desired record type (as seems to be typical usage for dnsjava), a rogue recursive resolver or (on UDP/TCP connections) a network attacker can\n\n- In addition to the actual DNS response, add RRs irrelevant to the query but of the right datatype, e.g. from another zone, as long as that zone is correctly using DNSSEC, or\n- completely exchange the relevant response records\n\n### Impact\n\nDNS(SEC) libraries are usually used as part of a larger security framework.\nTherefore, the main misuses of this vulnerability concern application code, which might take the returned records as authentic answers to the request.\nHere are three concrete examples of where this might be detrimental:\n\n- [RFC 6186](https://datatracker.ietf.org/doc/html/rfc6186) specifies that to connect to an IMAP server for a user, a mail user agent should retrieve certain SRV records and send the user's credentials to the specified servers. Exchanging the SRV records can be a tool to redirect the credentials.\n- When delivering mail via SMTP, MX records determine where to deliver the mails to. Exchanging the MX records might lead to information disclosure. Additionally, an exchange of TLSA records might allow attackers to intercept TLS traffic.\n- Some research projects like [LIGHTest](https://www.lightest.eu/) are trying to manage CA trust stores via URI and SMIMEA records in the DNS. Exchanging these allows manipulating the root of trust for dependent applications.\n\n### Mitigations\n\nAt this point, the following mitigations are recommended:\n\n- When using a ValidatingResolver, ignore any Server indications of whether or not data was available (e.g. NXDOMAIN, NODATA, ...).\n- For APIs returning RRs from DNS responses, filter the RRs using an algorithm such as the one above. This includes e.g. `LookupSession.lookupAsync`.\n- Remove APIs dealing with raw DNS messages from the examples section or place a noticable warning above.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25638.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25638.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40678", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40706", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40734", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40658", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40708", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40714", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40732", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40697", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25638" }, { "reference_url": "https://github.com/dnsjava/dnsjava", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dnsjava/dnsjava" }, { "reference_url": "https://github.com/dnsjava/dnsjava/commit/2073a0cdea2c560465f7ac0cc56f202e6fc39705", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-22T15:32:07Z/" } ], "url": "https://github.com/dnsjava/dnsjava/commit/2073a0cdea2c560465f7ac0cc56f202e6fc39705" }, { "reference_url": "https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d" }, { "reference_url": "https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-22T15:32:07Z/" } ], "url": "https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25638", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25638" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077368", "reference_id": "1077368", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077368" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299292", "reference_id": "2299292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299292" }, { "reference_url": "https://github.com/advisories/GHSA-cfxw-4h78-h7fw", "reference_id": "GHSA-cfxw-4h78-h7fw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cfxw-4h78-h7fw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585167?format=api", "purl": "pkg:deb/debian/dnsjava@3.6.2-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsjava@3.6.2-2" } ], "aliases": [ "CVE-2024-25638", "GHSA-cfxw-4h78-h7fw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wx5x-pkdb-sbgt" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsjava@2.1.8-2" }