Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:conan/gdal@3.4.1

Type conan

Namespace

Name gdal

Version 3.4.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-uy45-3vu3-87fu

vulnerability_id VCID-uy45-3vu3-87fu

summary GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).

references

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993

reference_url

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml

reference_url

https://github.com/OSGeo/gdal/commit/1ca6a3e5168c200763fa46d8aa7e698d0b757e7e

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://github.com/OSGeo/gdal/commit/1ca6a3e5168c200763fa46d8aa7e698d0b757e7e

reference_url

https://github.com/OSGeo/gdal/pull/4944

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://github.com/OSGeo/gdal/pull/4944

reference_url

https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/

reference_url

https://security.gentoo.org/glsa/202210-15

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://security.gentoo.org/glsa/202210-15

reference_url

https://www.debian.org/security/2022/dsa-5239

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://www.debian.org/security/2022/dsa-5239

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-45943
reference_id	CVE-2021-45943
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-45943

fixed_packages

url	pkg:conan/gdal@3.4.1
purl	pkg:conan/gdal@3.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:conan/gdal@3.4.1

aliases CVE-2021-45943, PYSEC-2022-43065

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uy45-3vu3-87fu

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:conan/gdal@3.4.1

Package Instance