Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/25420?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25420?format=api", "vulnerability_id": "VCID-5zsx-353j-8kax", "summary": "net-imap rubygem vulnerable to possible DoS by memory exhaustion\n### Summary\n\nThere is a possibility for denial of service by memory exhaustion when `net-imap` reads server responses. At any time while the client is connected, a malicious server can send a \"literal\" byte count, which is automatically read by the client's receiver thread. The response reader immediately allocates memory for the number of bytes indicated by the server response.\n\nThis should not be an issue when securely connecting to trusted IMAP servers that are well-behaved. It can affect insecure connections and buggy, untrusted, or compromised servers (for example, connecting to a user supplied hostname).\n\n### Details\n\nThe IMAP protocol allows \"literal\" strings to be sent in responses, prefixed with their size in curly braces (e.g. `{1234567890}\\r\\n`). When `Net::IMAP` receives a response containing a literal string, it calls `IO#read` with that size. When called with a size, `IO#read` immediately allocates memory to buffer the entire string before processing continues. The server does not need to send any more data. There is no limit on the size of literals that will be accepted.\n\n### Fix\n#### Upgrade\nUsers should upgrade to `net-imap` 0.5.7 or later. A configurable `max_response_size` limit has been added to `Net::IMAP`'s response reader. 
The `max_response_size` limit has also been backported to `net-imap` 0.2.5, 0.3.9, and 0.4.20.\n\nTo set a global value for `max_response_size`, users must upgrade to `net-imap` ~> 0.4.20, or > 0.5.7.\n\n#### Configuration\n\nTo avoid backward compatibility issues for secure connections to trusted well-behaved servers, the default `max_response_size` for `net-imap` 0.5.7 is _very high_ (512MiB), and the default `max_response_size` for `net-imap` ~> 0.4.20, ~> 0.3.9, and 0.2.5 is `nil` (unlimited).\n\nWhen connecting to untrusted servers or using insecure connections, a much lower `max_response_size` should be used.\n```ruby\n# Set the global max_response_size (only ~> v0.4.20, > 0.5.7)\nNet::IMAP.config.max_response_size = 256 << 10 # 256 KiB\n\n# Set when creating the connection\nimap = Net::IMAP.new(hostname, ssl: true,\n max_response_size: 16 << 10) # 16 KiB\n\n# Set after creating the connection\nimap.max_response_size = 256 << 10 # 256 KiB\n# flush currently waiting read, to ensure the new setting is loaded\nimap.noop\n```\n\n_**Please Note:**_ `max_response_size` only limits the size _per response_. It does not prevent a flood of individual responses and it does not limit how many unhandled responses may be stored on the responses hash. Users are responsible for adding response handlers to prune excessive unhandled responses.\n\n#### Compatibility with lower `max_response_size`\n\nA lower `max_response_size` may cause a few commands which legitimately return very large responses to raise an exception and close the connection. The `max_response_size` could be temporarily set to a higher value, but paginated or limited versions of commands should be used whenever possible. 
For example, to fetch message bodies:\n\n```ruby\nimap.max_response_size = 256 << 10 # 256 KiB\nimap.noop # flush currently waiting read\n\n# fetch a message in 252KiB chunks\nsize = imap.uid_fetch(uid, \"RFC822.SIZE\").first.rfc822_size\nlimit = 252 << 10\nmessage = ((0..size) % limit).each_with_object(\"\") {|offset, str|\n str << imap.uid_fetch(uid, \"BODY.PEEK[]<#{offset}.#{limit}>\").first.message(offset:)\n}\n\nimap.max_response_size = 16 << 10 # 16 KiB\nimap.noop # flush currently waiting read\n```\n\n### References\n\n* PR to introduce max_response_size: https://github.com/ruby/net-imap/pull/444\n * Specific commit: [0ae8576c1 - lib/net/imap/response_reader.rb](https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462)\n* Backport to 0.4: https://github.com/ruby/net-imap/pull/445\n* Backport to 0.3: https://github.com/ruby/net-imap/pull/446\n* Backport to 0.2: https://github.com/ruby/net-imap/pull/447", "aliases": [ { "alias": "CVE-2025-43857" }, { "alias": "GHSA-j3g3-5qv5-52mj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/439041?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86_64&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=x86_64&distroversion=v3.20&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/563292?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armhf&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=armhf&distroversion=v3.21&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/563297?format=api", "purl": 
"pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=s390x&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=s390x&distroversion=v3.21&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/439034?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=aarch64&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=aarch64&distroversion=v3.20&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/439035?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armhf&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=armhf&distroversion=v3.20&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/439036?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armv7&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=armv7&distroversion=v3.20&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/439037?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=ppc64le&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=ppc64le&distroversion=v3.20&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/439038?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=riscv64&distroversion=v3.20&reponame=main", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=riscv64&distroversion=v3.20&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/439039?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=s390x&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=s390x&distroversion=v3.20&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/439040?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=x86&distroversion=v3.20&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/563291?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=aarch64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=aarch64&distroversion=v3.21&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/563293?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=armv7&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=armv7&distroversion=v3.21&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/563294?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=loongarch64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=loongarch64&distroversion=v3.21&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/563295?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=ppc64le&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=ppc64le&distroversion=v3.21&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/563296?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=riscv64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=riscv64&distroversion=v3.21&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/563298?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=x86&distroversion=v3.21&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/563299?format=api", "purl": "pkg:apk/alpine/ruby-net-imap@0.4.22-r0?arch=x86_64&distroversion=v3.21&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby-net-imap@0.4.22-r0%3Farch=x86_64&distroversion=v3.21&reponame=main" }, { "url": "http://public2.vulnerablecode.io/api/packages/68654?format=api", "purl": "pkg:gem/net-imap@0.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.5" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/68653?format=api", "purl": "pkg:gem/net-imap@0.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/68652?format=api", "purl": "pkg:gem/net-imap@0.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/68651?format=api", "purl": "pkg:gem/net-imap@0.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.7" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1025842?format=api", "purl": "pkg:gem/net-imap@0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0" }, { "url": "http://public2.vulnerablecode.io/api/packages/139866?format=api", "purl": "pkg:gem/net-imap@0.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/139867?format=api", "purl": "pkg:gem/net-imap@0.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/139868?format=api", "purl": "pkg:gem/net-imap@0.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/139869?format=api", "purl": "pkg:gem/net-imap@0.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/139870?format=api", "purl": "pkg:gem/net-imap@0.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/139871?format=api", "purl": "pkg:gem/net-imap@0.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/139872?format=api", "purl": "pkg:gem/net-imap@0.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/68654?format=api", "purl": "pkg:gem/net-imap@0.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/130705?format=api", "purl": "pkg:gem/net-imap@0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/139873?format=api", "purl": 
"pkg:gem/net-imap@0.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/139874?format=api", "purl": "pkg:gem/net-imap@0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/130704?format=api", "purl": "pkg:gem/net-imap@0.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/139875?format=api", "purl": "pkg:gem/net-imap@0.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/139876?format=api", "purl": "pkg:gem/net-imap@0.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/139877?format=api", "purl": "pkg:gem/net-imap@0.3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/139878?format=api", "purl": "pkg:gem/net-imap@0.3.5", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/139879?format=api", "purl": "pkg:gem/net-imap@0.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/139880?format=api", "purl": "pkg:gem/net-imap@0.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/69492?format=api", "purl": "pkg:gem/net-imap@0.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/68653?format=api", "purl": "pkg:gem/net-imap@0.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/130702?format=api", "purl": "pkg:gem/net-imap@0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/139881?format=api", "purl": "pkg:gem/net-imap@0.4.0", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/139882?format=api", "purl": "pkg:gem/net-imap@0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/139883?format=api", "purl": "pkg:gem/net-imap@0.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/139884?format=api", "purl": "pkg:gem/net-imap@0.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/139885?format=api", "purl": "pkg:gem/net-imap@0.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/139886?format=api", "purl": "pkg:gem/net-imap@0.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/139887?format=api", 
"purl": "pkg:gem/net-imap@0.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/139888?format=api", "purl": "pkg:gem/net-imap@0.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/139889?format=api", "purl": "pkg:gem/net-imap@0.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/139890?format=api", "purl": "pkg:gem/net-imap@0.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/139891?format=api", "purl": "pkg:gem/net-imap@0.4.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/139892?format=api", "purl": "pkg:gem/net-imap@0.4.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.10" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/139893?format=api", "purl": "pkg:gem/net-imap@0.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/139894?format=api", "purl": "pkg:gem/net-imap@0.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/139895?format=api", "purl": "pkg:gem/net-imap@0.4.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/139896?format=api", "purl": "pkg:gem/net-imap@0.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/139897?format=api", "purl": "pkg:gem/net-imap@0.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/139898?format=api", "purl": "pkg:gem/net-imap@0.4.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/139899?format=api", "purl": "pkg:gem/net-imap@0.4.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/139900?format=api", "purl": "pkg:gem/net-imap@0.4.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/69493?format=api", "purl": "pkg:gem/net-imap@0.4.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/68652?format=api", "purl": "pkg:gem/net-imap@0.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/130703?format=api", "purl": "pkg:gem/net-imap@0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/139901?format=api", "purl": "pkg:gem/net-imap@0.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/139902?format=api", "purl": "pkg:gem/net-imap@0.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/139903?format=api", "purl": "pkg:gem/net-imap@0.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/139904?format=api", "purl": "pkg:gem/net-imap@0.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/139905?format=api", "purl": "pkg:gem/net-imap@0.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/139906?format=api", "purl": "pkg:gem/net-imap@0.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" }, { "vulnerability": "VCID-wyjh-cuuy-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/69494?format=api", "purl": "pkg:gem/net-imap@0.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/68651?format=api", "purl": "pkg:gem/net-imap@0.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5zsx-353j-8kax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/net-imap@0.5.7" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43857.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43857.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67186", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67166", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67185", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67102", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67137", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67168", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.6715", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00528", 
"scoring_system": "epss", "scoring_elements": "0.67163", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67126", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67171", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43857" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ruby/net-imap", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby/net-imap" }, { "reference_url": "https://github.com/ruby/net-imap/pull/442", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/" } ], "url": "https://github.com/ruby/net-imap/pull/442" }, { "reference_url": "https://github.com/ruby/net-imap/pull/444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ruby/net-imap/pull/444" }, { "reference_url": "https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/" } ], "url": "https://github.com/ruby/net-imap/pull/444/commits/0ae8576c1a90bcd9573f81bdad4b4b824642d105#diff-53721cb4d9c3fb86b95cc8476ca2df90968ad8c481645220c607034399151462" }, { "reference_url": "https://github.com/ruby/net-imap/pull/445", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/" } ], "url": "https://github.com/ruby/net-imap/pull/445" }, { "reference_url": "https://github.com/ruby/net-imap/pull/446", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/" } ], "url": "https://github.com/ruby/net-imap/pull/446" }, { "reference_url": "https://github.com/ruby/net-imap/pull/447", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/" } ], "url": "https://github.com/ruby/net-imap/pull/447" }, { "reference_url": "https://github.com/ruby/net-imap/security/advisories/GHSA-j3g3-5qv5-52mj", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T17:59:30Z/" } ], "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-j3g3-5qv5-52mj" }, { "reference_url": 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-43857.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2025-43857.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43857", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43857" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104486", "reference_id": "1104486", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104486" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362749", "reference_id": "2362749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362749" }, { "reference_url": "https://github.com/advisories/GHSA-j3g3-5qv5-52mj", "reference_id": "GHSA-j3g3-5qv5-52mj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3g3-5qv5-52mj" } ], "weaknesses": [ { "cwe_id": 400, "name": "Uncontrolled Resource Consumption", "description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources." 
}, { "cwe_id": 405, "name": "Asymmetric Resource Consumption (Amplification)", "description": "The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is asymmetric." }, { "cwe_id": 770, "name": "Allocation of Resources Without Limits or Throttling", "description": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor." }, { "cwe_id": 789, "name": "Memory Allocation with Excessive Size Value", "description": "The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "3.1 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5zsx-353j-8kax" }