Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie

Type deb

Namespace debian

Name newlib

Version 4.6.0.20260123-2

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4z5d-zj37-yfcc

vulnerability_id VCID-4z5d-zj37-yfcc

summary The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14871

reference_id

reference_type

scores

value	0.00465
scoring_system	epss
scoring_elements	0.64414
published_at	2026-04-24T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64402
published_at	2026-04-18T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64393
published_at	2026-04-21T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64276
published_at	2026-04-01T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64334
published_at	2026-04-02T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64363
published_at	2026-04-04T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64321
published_at	2026-04-07T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.6437
published_at	2026-04-08T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64384
published_at	2026-04-12T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64397
published_at	2026-04-11T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64355
published_at	2026-04-13T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64391
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14871

reference_url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::
reference_id	cpe:2.3:a:newlib_project:newlib::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14871

reference_id

CVE-2019-14871

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14871

fixed_packages

url pkg:deb/debian/newlib@3.3.0-1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

vulnerability	VCID-pw8g-an3z-jydv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie

url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2019-14871

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4z5d-zj37-yfcc

url VCID-6y3x-44kq-wkgt

vulnerability_id VCID-6y3x-44kq-wkgt

summary The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14872

reference_id

reference_type

scores

value	0.00414
scoring_system	epss
scoring_elements	0.6164
published_at	2026-04-24T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.61663
published_at	2026-04-18T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.61648
published_at	2026-04-21T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.6149
published_at	2026-04-01T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.61564
published_at	2026-04-07T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.61593
published_at	2026-04-04T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.61612
published_at	2026-04-08T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.61626
published_at	2026-04-09T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.61647
published_at	2026-04-11T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.61636
published_at	2026-04-12T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.61616
published_at	2026-04-13T12:55:00Z

value	0.00414
scoring_system	epss
scoring_elements	0.61658
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14872

reference_url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::
reference_id	cpe:2.3:a:newlib_project:newlib::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14872

reference_id

CVE-2019-14872

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14872

fixed_packages

url pkg:deb/debian/newlib@3.3.0-1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

vulnerability	VCID-pw8g-an3z-jydv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie

url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2019-14872

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6y3x-44kq-wkgt

url VCID-8y56-twub-8kfu

vulnerability_id VCID-8y56-twub-8kfu

summary In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14876

reference_id

reference_type

scores

value	0.00178
scoring_system	epss
scoring_elements	0.39155
published_at	2026-04-24T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39436
published_at	2026-04-18T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.3935
published_at	2026-04-21T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39283
published_at	2026-04-01T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39448
published_at	2026-04-02T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39473
published_at	2026-04-04T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39386
published_at	2026-04-07T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39442
published_at	2026-04-08T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39457
published_at	2026-04-09T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39468
published_at	2026-04-11T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.3943
published_at	2026-04-12T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39413
published_at	2026-04-13T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39464
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14876

reference_url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14876
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14876

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::
reference_id	cpe:2.3:a:newlib_project:newlib::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14876

reference_id

CVE-2019-14876

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14876

fixed_packages

url pkg:deb/debian/newlib@3.3.0-1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

vulnerability	VCID-pw8g-an3z-jydv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie

url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2019-14876

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8y56-twub-8kfu

url VCID-c26b-vetm-y3ak

vulnerability_id VCID-c26b-vetm-y3ak

summary In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14875

reference_id

reference_type

scores

value	0.00401
scoring_system	epss
scoring_elements	0.60755
published_at	2026-04-24T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60778
published_at	2026-04-16T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60782
published_at	2026-04-18T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60605
published_at	2026-04-01T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.6068
published_at	2026-04-07T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60709
published_at	2026-04-04T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60728
published_at	2026-04-08T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60743
published_at	2026-04-09T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60767
published_at	2026-04-21T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60754
published_at	2026-04-12T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60735
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14875

reference_url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::
reference_id	cpe:2.3:a:newlib_project:newlib::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14875

reference_id

CVE-2019-14875

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14875

fixed_packages

url pkg:deb/debian/newlib@3.3.0-1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

vulnerability	VCID-pw8g-an3z-jydv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie

url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2019-14875

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c26b-vetm-y3ak

url VCID-cztw-ay3e-cfeq

vulnerability_id VCID-cztw-ay3e-cfeq

summary newlib: arbitrary code execution via the time unit scaling in the _gettimeofday function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-30949

reference_id

reference_type

scores

value	0.00693
scoring_system	epss
scoring_elements	0.71929
published_at	2026-04-24T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71863
published_at	2026-04-09T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71887
published_at	2026-04-11T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71869
published_at	2026-04-12T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71895
published_at	2026-04-16T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.719
published_at	2026-04-18T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71883
published_at	2026-04-21T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71821
published_at	2026-04-02T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.7184
published_at	2026-04-04T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71813
published_at	2026-04-07T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71852
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-30949

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30949
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30949

reference_url

https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/

reference_id

20231129035714.469943-1-visitorckw%40gmail.com

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/

url

https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2306118
reference_id	2306118
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2306118

reference_url

https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661

reference_id

6b26e599241ea80210ea136b28441661

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/

url

https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661

reference_url

https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4

reference_id

?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/

url

https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4

fixed_packages

url	pkg:deb/debian/newlib@4.4.0.20231231-2?distro=trixie
purl	pkg:deb/debian/newlib@4.4.0.20231231-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.4.0.20231231-2%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2024-30949

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cztw-ay3e-cfeq

url VCID-ecf9-k21a-t3c8

vulnerability_id VCID-ecf9-k21a-t3c8

summary In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14873

reference_id

reference_type

scores

value	0.00401
scoring_system	epss
scoring_elements	0.60755
published_at	2026-04-24T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60778
published_at	2026-04-16T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60782
published_at	2026-04-18T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60605
published_at	2026-04-01T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.6068
published_at	2026-04-07T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60709
published_at	2026-04-04T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60728
published_at	2026-04-08T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60743
published_at	2026-04-09T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60767
published_at	2026-04-21T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60754
published_at	2026-04-12T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60735
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14873

reference_url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::
reference_id	cpe:2.3:a:newlib_project:newlib::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14873

reference_id

CVE-2019-14873

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14873

fixed_packages

url pkg:deb/debian/newlib@3.3.0-1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

vulnerability	VCID-pw8g-an3z-jydv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie

url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2019-14873

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecf9-k21a-t3c8

url VCID-k2zw-2gbs-eugx

vulnerability_id VCID-k2zw-2gbs-eugx

summary In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14878

reference_id

reference_type

scores

value	0.00309
scoring_system	epss
scoring_elements	0.5411
published_at	2026-04-21T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54126
published_at	2026-04-16T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.5413
published_at	2026-04-18T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54005
published_at	2026-04-01T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54023
published_at	2026-04-02T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54049
published_at	2026-04-04T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54026
published_at	2026-04-07T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54078
published_at	2026-04-08T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54076
published_at	2026-04-24T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54122
published_at	2026-04-11T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54104
published_at	2026-04-12T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54087
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14878

reference_url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::
reference_id	cpe:2.3:a:newlib_project:newlib::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14878

reference_id

CVE-2019-14878

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14878

fixed_packages

url pkg:deb/debian/newlib@3.3.0-1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

vulnerability	VCID-pw8g-an3z-jydv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie

url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2019-14878

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2zw-2gbs-eugx

url VCID-n637-g4ee-tuhz

vulnerability_id VCID-n637-g4ee-tuhz

summary In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14874

reference_id

reference_type

scores

value	0.00401
scoring_system	epss
scoring_elements	0.60755
published_at	2026-04-24T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60778
published_at	2026-04-16T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60782
published_at	2026-04-18T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60605
published_at	2026-04-01T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.6068
published_at	2026-04-07T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60709
published_at	2026-04-04T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60728
published_at	2026-04-08T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60743
published_at	2026-04-09T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60767
published_at	2026-04-21T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60754
published_at	2026-04-12T12:55:00Z

value	0.00401
scoring_system	epss
scoring_elements	0.60735
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14874

reference_url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::
reference_id	cpe:2.3:a:newlib_project:newlib::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14874

reference_id

CVE-2019-14874

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14874

fixed_packages

url pkg:deb/debian/newlib@3.3.0-1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

vulnerability	VCID-pw8g-an3z-jydv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie

url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2019-14874

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n637-g4ee-tuhz

url VCID-nsa5-ccpm-pufk

vulnerability_id VCID-nsa5-ccpm-pufk

summary In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14877

reference_id

reference_type

scores

value	0.00309
scoring_system	epss
scoring_elements	0.5411
published_at	2026-04-21T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54126
published_at	2026-04-16T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.5413
published_at	2026-04-18T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54005
published_at	2026-04-01T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54023
published_at	2026-04-02T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54049
published_at	2026-04-04T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54026
published_at	2026-04-07T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54078
published_at	2026-04-08T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54076
published_at	2026-04-24T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54122
published_at	2026-04-11T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54104
published_at	2026-04-12T12:55:00Z

value	0.00309
scoring_system	epss
scoring_elements	0.54087
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14877

reference_url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url	https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::
reference_id	cpe:2.3:a:newlib_project:newlib::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14877

reference_id

CVE-2019-14877

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14877

fixed_packages

url pkg:deb/debian/newlib@3.3.0-1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

vulnerability	VCID-pw8g-an3z-jydv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie

url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2019-14877

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsa5-ccpm-pufk

url VCID-pw8g-an3z-jydv

vulnerability_id VCID-pw8g-an3z-jydv

summary A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3420

reference_id

reference_type

scores

value	0.00138
scoring_system	epss
scoring_elements	0.33939
published_at	2026-04-13T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33977
published_at	2026-04-16T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33962
published_at	2026-04-18T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33931
published_at	2026-04-21T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33558
published_at	2026-04-24T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39828
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39666
published_at	2026-04-01T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39801
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39837
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39815
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39838
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39759
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39814
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3420

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446
reference_id	984446
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446

fixed_packages

url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.4.0.20231231-2?distro=trixie
purl	pkg:deb/debian/newlib@4.4.0.20231231-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.4.0.20231231-2%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2021-3420

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pw8g-an3z-jydv

url VCID-uzg5-a999-afhp

vulnerability_id VCID-uzg5-a999-afhp

summary security update

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-2305

reference_id

reference_type

scores

value	0.28664
scoring_system	epss
scoring_elements	0.96506
published_at	2026-04-01T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96515
published_at	2026-04-02T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.9652
published_at	2026-04-04T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96524
published_at	2026-04-07T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96532
published_at	2026-04-08T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96534
published_at	2026-04-09T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96537
published_at	2026-04-12T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.9654
published_at	2026-04-13T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96546
published_at	2026-04-16T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96552
published_at	2026-04-18T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96555
published_at	2026-04-21T12:55:00Z

value	0.28664
scoring_system	epss
scoring_elements	0.96556
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-2305

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191049
reference_id	1191049
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191049

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397
reference_id	778397
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402
reference_id	778402
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406
reference_id	778406
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408
reference_id	778408
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409
reference_id	778409
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412
reference_id	778412
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412

reference_url	https://access.redhat.com/errata/RHSA-2015:1053
reference_id	RHSA-2015:1053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1053

reference_url	https://access.redhat.com/errata/RHSA-2015:1066
reference_id	RHSA-2015:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1066

reference_url	https://usn.ubuntu.com/2572-1/
reference_id	USN-2572-1
reference_type
scores
url	https://usn.ubuntu.com/2572-1/

reference_url	https://usn.ubuntu.com/2594-1/
reference_id	USN-2594-1
reference_type
scores
url	https://usn.ubuntu.com/2594-1/

fixed_packages

url	pkg:deb/debian/newlib@2.0.0-1?distro=trixie
purl	pkg:deb/debian/newlib@2.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@2.0.0-1%3Fdistro=trixie

url pkg:deb/debian/newlib@3.3.0-1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

vulnerability	VCID-pw8g-an3z-jydv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie

url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cztw-ay3e-cfeq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl	pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie

url	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl	pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

aliases CVE-2015-2305

risk_score 0.1

exploitability 0.5

weighted_severity 0.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzg5-a999-afhp

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie

Package Instance