Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/94440?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/94440?format=api", "purl": "pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-4.el8_8?arch=3", "type": "rpm", "namespace": "redhat", "name": "edk2", "version": "20220126gitbb1bba3d77-4.el8_8", "qualifiers": { "arch": "3" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81114?format=api", "vulnerability_id": "VCID-9ts5-pn9z-8yap", "summary": "edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14560.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14560.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858038", "reference_id": "1858038", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858038" }, { "reference_url": "https://security.archlinux.org/AVG-1360", "reference_id": "AVG-1360", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6330", "reference_id": "RHSA-2023:6330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6919", "reference_id": "RHSA-2023:6919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0408", "reference_id": "RHSA-2024:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1415", "reference_id": "RHSA-2024:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1415" } ], "fixed_packages": [], "aliases": [ "CVE-2019-14560" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ts5-pn9z-8yap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77812?format=api", "vulnerability_id": "VCID-ha36-4zhr-mfcu", "summary": "edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45234.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45234.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53896", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53807", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53859", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53857", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53905", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53887", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53871", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53909", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53915", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45234" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256", "reference_id": "1061256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258697", "reference_id": "2258697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258697" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "reference_id": "PixieFail-Proof-Of-Concepts.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/" } ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1063", "reference_id": "RHSA-2024:1063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1075", "reference_id": "RHSA-2024:1075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1076", "reference_id": "RHSA-2024:1076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1077", "reference_id": "RHSA-2024:1077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1305", "reference_id": "RHSA-2024:1305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1415", "reference_id": "RHSA-2024:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1722", "reference_id": "RHSA-2024:1722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3497", "reference_id": "RHSA-2024:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3497" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2023-45234" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ha36-4zhr-mfcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77808?format=api", "vulnerability_id": "VCID-u9mt-wbe7-yfb6", "summary": "edk2: Buffer overflow in the DHCPv6 client via a long Server ID option", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53896", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53807", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53859", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53857", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53905", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53887", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53871", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53909", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53915", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45230" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256", "reference_id": "1061256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258685", "reference_id": "2258685", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258685" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "reference_id": "PixieFail-Proof-Of-Concepts.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/" } ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1004", "reference_id": "RHSA-2024:1004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1013", "reference_id": "RHSA-2024:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1063", "reference_id": "RHSA-2024:1063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1075", "reference_id": "RHSA-2024:1075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1076", "reference_id": "RHSA-2024:1076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1077", "reference_id": "RHSA-2024:1077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1415", "reference_id": "RHSA-2024:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3497", "reference_id": "RHSA-2024:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3497" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2023-45230" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9mt-wbe7-yfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18438?format=api", "vulnerability_id": "VCID-vhkt-tbz6-wuf7", "summary": "Inefficient Regular Expression Complexity\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3446.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3446.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76138", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76171", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76151", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76197", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76222", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76198", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76196", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76237", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76242", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23" }, { "reference_url": "https://www.openssl.org/news/secadv/20230719.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/" } ], "url": "https://www.openssl.org/news/secadv/20230719.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/07/19/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/07/19/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/07/19/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2023/07/19/6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041817", "reference_id": "1041817", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041817" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "reference_id": "2224962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224962" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", "reference_id": "CVE-2023-3446", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7622", "reference_id": "RHSA-2023:7622", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7623", "reference_id": "RHSA-2023:7623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7625", "reference_id": "RHSA-2023:7625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7877", "reference_id": "RHSA-2023:7877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0154", "reference_id": "RHSA-2024:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0208", "reference_id": "RHSA-2024:0208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0408", "reference_id": "RHSA-2024:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0888", "reference_id": "RHSA-2024:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1415", "reference_id": "RHSA-2024:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2264", "reference_id": "RHSA-2024:2264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2447", "reference_id": "RHSA-2024:2447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2447" }, { "reference_url": "https://usn.ubuntu.com/6435-1/", "reference_id": "USN-6435-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6435-1/" }, { "reference_url": "https://usn.ubuntu.com/6435-2/", "reference_id": "USN-6435-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6435-2/" }, { "reference_url": "https://usn.ubuntu.com/6450-1/", "reference_id": "USN-6450-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6450-1/" }, { "reference_url": "https://usn.ubuntu.com/6709-1/", "reference_id": "USN-6709-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6709-1/" }, { "reference_url": "https://usn.ubuntu.com/7018-1/", "reference_id": "USN-7018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7018-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2023-3446" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhkt-tbz6-wuf7" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-4.el8_8%3Farch=3" }