Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/45761?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45761?format=api", "vulnerability_id": "VCID-w1qj-n768-hbar", "summary": "Excessive Iteration\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "aliases": [ { "alias": "CVE-2023-3817" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63866?format=api", "purl": "pkg:conan/openssl@1.1.1w", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1w" }, { "url": "http://public2.vulnerablecode.io/api/packages/63867?format=api", "purl": "pkg:conan/openssl@3.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nx5k-32hq-yuh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/64354?format=api", "purl": "pkg:conan/openssl@3.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58751?format=api", "purl": "pkg:conan/openssl@1.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hgm-58xg-r7bt" }, { "vulnerability": "VCID-3g6n-ujyv-jub3" }, { "vulnerability": "VCID-5a2a-trbk-fkfg" }, { "vulnerability": "VCID-8q7w-7je3-zkgt" }, { "vulnerability": "VCID-as38-bfar-q3hh" }, { "vulnerability": "VCID-erdm-7pfg-e7hc" }, { "vulnerability": "VCID-ju5y-bakm-mqd8" }, { "vulnerability": "VCID-mnkq-e45g-fyfw" }, { "vulnerability": "VCID-nqu1-ffyz-wubt" }, { "vulnerability": "VCID-taas-512g-jfdw" }, { "vulnerability": "VCID-ts7c-u8g2-rqa4" }, { "vulnerability": "VCID-uw52-vah8-uqda" }, { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66348?format=api", "purl": "pkg:conan/openssl@1.0.2a", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2a" }, { "url": "http://public2.vulnerablecode.io/api/packages/66349?format=api", "purl": "pkg:conan/openssl@1.0.2b", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2b" }, { "url": "http://public2.vulnerablecode.io/api/packages/66350?format=api", "purl": "pkg:conan/openssl@1.0.2c", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2c" }, { "url": "http://public2.vulnerablecode.io/api/packages/66351?format=api", "purl": "pkg:conan/openssl@1.0.2d", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2d" }, { "url": "http://public2.vulnerablecode.io/api/packages/66352?format=api", "purl": "pkg:conan/openssl@1.0.2e", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2e" }, { "url": "http://public2.vulnerablecode.io/api/packages/66353?format=api", "purl": "pkg:conan/openssl@1.0.2f", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2f" }, { "url": "http://public2.vulnerablecode.io/api/packages/66354?format=api", "purl": "pkg:conan/openssl@1.0.2g", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2g" }, { "url": "http://public2.vulnerablecode.io/api/packages/66355?format=api", "purl": "pkg:conan/openssl@1.0.2h", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2h" }, { "url": "http://public2.vulnerablecode.io/api/packages/66356?format=api", "purl": "pkg:conan/openssl@1.0.2i", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2i" }, { "url": "http://public2.vulnerablecode.io/api/packages/66357?format=api", "purl": "pkg:conan/openssl@1.0.2j", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2j" }, { "url": "http://public2.vulnerablecode.io/api/packages/66358?format=api", "purl": "pkg:conan/openssl@1.0.2k", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2k" }, { "url": "http://public2.vulnerablecode.io/api/packages/66359?format=api", "purl": "pkg:conan/openssl@1.0.2l", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2l" }, { "url": "http://public2.vulnerablecode.io/api/packages/66360?format=api", "purl": "pkg:conan/openssl@1.0.2m", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2m" }, { "url": "http://public2.vulnerablecode.io/api/packages/66361?format=api", "purl": "pkg:conan/openssl@1.0.2n", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2n" }, { "url": "http://public2.vulnerablecode.io/api/packages/66362?format=api", "purl": "pkg:conan/openssl@1.0.2o", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2o" }, { "url": "http://public2.vulnerablecode.io/api/packages/66363?format=api", "purl": "pkg:conan/openssl@1.0.2p", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2p" }, { "url": "http://public2.vulnerablecode.io/api/packages/66364?format=api", "purl": "pkg:conan/openssl@1.0.2q", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2q" }, { "url": "http://public2.vulnerablecode.io/api/packages/66365?format=api", "purl": "pkg:conan/openssl@1.0.2r", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2r" }, { "url": "http://public2.vulnerablecode.io/api/packages/59828?format=api", "purl": "pkg:conan/openssl@1.0.2s", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2s" }, { "url": "http://public2.vulnerablecode.io/api/packages/66366?format=api", "purl": "pkg:conan/openssl@1.0.2t", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2t" }, { "url": "http://public2.vulnerablecode.io/api/packages/66367?format=api", "purl": "pkg:conan/openssl@1.0.2u", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2u" }, { "url": "http://public2.vulnerablecode.io/api/packages/66368?format=api", "purl": "pkg:conan/openssl@1.0.2v", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2v" }, { "url": "http://public2.vulnerablecode.io/api/packages/66369?format=api", "purl": "pkg:conan/openssl@1.0.2w", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2w" }, { "url": "http://public2.vulnerablecode.io/api/packages/66370?format=api", "purl": "pkg:conan/openssl@1.0.2y", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2y" }, { "url": "http://public2.vulnerablecode.io/api/packages/66371?format=api", "purl": "pkg:conan/openssl@1.0.2za", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2za" }, { "url": "http://public2.vulnerablecode.io/api/packages/66372?format=api", "purl": "pkg:conan/openssl@1.0.2zb", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2zb" }, { "url": "http://public2.vulnerablecode.io/api/packages/66373?format=api", "purl": "pkg:conan/openssl@1.0.2zc", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2zc" }, { "url": "http://public2.vulnerablecode.io/api/packages/60984?format=api", "purl": "pkg:conan/openssl@1.0.2zd", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2zd" }, { "url": "http://public2.vulnerablecode.io/api/packages/66374?format=api", "purl": "pkg:conan/openssl@1.0.2ze", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2ze" }, { "url": "http://public2.vulnerablecode.io/api/packages/66375?format=api", "purl": "pkg:conan/openssl@1.0.2zf", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2zf" }, { "url": "http://public2.vulnerablecode.io/api/packages/66376?format=api", "purl": "pkg:conan/openssl@1.0.2zg", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2zg" }, { "url": "http://public2.vulnerablecode.io/api/packages/66377?format=api", "purl": "pkg:conan/openssl@1.0.2zh", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2zh" }, { "url": "http://public2.vulnerablecode.io/api/packages/58752?format=api", "purl": "pkg:conan/openssl@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hgm-58xg-r7bt" }, { "vulnerability": "VCID-3g6n-ujyv-jub3" }, { "vulnerability": "VCID-8q7w-7je3-zkgt" }, { "vulnerability": "VCID-as38-bfar-q3hh" }, { "vulnerability": "VCID-erdm-7pfg-e7hc" }, { "vulnerability": "VCID-gj2m-z5b6-6yf2" }, { "vulnerability": "VCID-ju5y-bakm-mqd8" }, { "vulnerability": "VCID-mm8w-472m-puea" }, { "vulnerability": "VCID-mnkq-e45g-fyfw" }, { "vulnerability": "VCID-n1r2-zqmn-2ufh" }, { "vulnerability": "VCID-taas-512g-jfdw" }, { "vulnerability": "VCID-ts7c-u8g2-rqa4" }, { "vulnerability": "VCID-uw52-vah8-uqda" }, { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66378?format=api", "purl": "pkg:conan/openssl@1.1.1a", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1a" }, { "url": "http://public2.vulnerablecode.io/api/packages/66379?format=api", "purl": "pkg:conan/openssl@1.1.1b", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1b" }, { "url": "http://public2.vulnerablecode.io/api/packages/66380?format=api", "purl": "pkg:conan/openssl@1.1.1c", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1c" }, { "url": "http://public2.vulnerablecode.io/api/packages/66381?format=api", "purl": "pkg:conan/openssl@1.1.1d", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1d" }, { "url": "http://public2.vulnerablecode.io/api/packages/66382?format=api", "purl": "pkg:conan/openssl@1.1.1e", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1e" }, { "url": "http://public2.vulnerablecode.io/api/packages/66383?format=api", "purl": "pkg:conan/openssl@1.1.1f", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1f" }, { "url": "http://public2.vulnerablecode.io/api/packages/66384?format=api", "purl": "pkg:conan/openssl@1.1.1g", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1g" }, { "url": "http://public2.vulnerablecode.io/api/packages/66385?format=api", "purl": "pkg:conan/openssl@1.1.1h", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1h" }, { "url": "http://public2.vulnerablecode.io/api/packages/66386?format=api", "purl": "pkg:conan/openssl@1.1.1i", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1i" }, { "url": "http://public2.vulnerablecode.io/api/packages/66387?format=api", "purl": "pkg:conan/openssl@1.1.1j", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1j" }, { "url": "http://public2.vulnerablecode.io/api/packages/66388?format=api", "purl": "pkg:conan/openssl@1.1.1k", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1k" }, { "url": "http://public2.vulnerablecode.io/api/packages/66389?format=api", "purl": "pkg:conan/openssl@1.1.1l", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1l" }, { "url": "http://public2.vulnerablecode.io/api/packages/60313?format=api", "purl": "pkg:conan/openssl@1.1.1m", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1m" }, { "url": "http://public2.vulnerablecode.io/api/packages/60985?format=api", "purl": "pkg:conan/openssl@1.1.1n", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1n" }, { "url": "http://public2.vulnerablecode.io/api/packages/58754?format=api", "purl": "pkg:conan/openssl@1.1.1o", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1o" }, { "url": "http://public2.vulnerablecode.io/api/packages/66390?format=api", "purl": "pkg:conan/openssl@1.1.1p", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1p" }, { "url": "http://public2.vulnerablecode.io/api/packages/66391?format=api", "purl": "pkg:conan/openssl@1.1.1q", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1q" }, { "url": "http://public2.vulnerablecode.io/api/packages/66392?format=api", "purl": "pkg:conan/openssl@1.1.1r", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1r" }, { "url": "http://public2.vulnerablecode.io/api/packages/66393?format=api", "purl": "pkg:conan/openssl@1.1.1s", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1s" }, { "url": "http://public2.vulnerablecode.io/api/packages/66394?format=api", "purl": "pkg:conan/openssl@1.1.1t", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1t" }, { "url": "http://public2.vulnerablecode.io/api/packages/66395?format=api", "purl": "pkg:conan/openssl@1.1.1u", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1u" }, { "url": "http://public2.vulnerablecode.io/api/packages/59827?format=api", "purl": "pkg:conan/openssl@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hgm-58xg-r7bt" }, { "vulnerability": "VCID-1yjs-f4gq-h7ht" }, { "vulnerability": "VCID-3g6n-ujyv-jub3" }, { "vulnerability": "VCID-5a2a-trbk-fkfg" }, { "vulnerability": "VCID-5rhg-tvzd-h7es" }, { "vulnerability": "VCID-86j5-ag2t-2qhj" }, { "vulnerability": "VCID-8q7w-7je3-zkgt" }, { "vulnerability": "VCID-97cm-wmq1-gkfd" }, { "vulnerability": "VCID-as38-bfar-q3hh" }, { "vulnerability": "VCID-erdm-7pfg-e7hc" }, { "vulnerability": "VCID-f2np-fk61-nbh1" }, { "vulnerability": "VCID-gj2m-z5b6-6yf2" }, { "vulnerability": "VCID-ju5y-bakm-mqd8" }, { "vulnerability": "VCID-m7sy-6spe-6yau" }, { "vulnerability": "VCID-mm8w-472m-puea" }, { "vulnerability": "VCID-mnkq-e45g-fyfw" }, { "vulnerability": "VCID-nqu1-ffyz-wubt" }, { "vulnerability": "VCID-nx5k-32hq-yuh4" }, { "vulnerability": "VCID-s6rb-rb8j-yfc6" }, { "vulnerability": "VCID-sd2f-6nk6-dua6" }, { "vulnerability": "VCID-se2f-3x6g-7uc6" }, { "vulnerability": "VCID-taas-512g-jfdw" }, { "vulnerability": "VCID-tjhj-1wc7-rych" }, { "vulnerability": "VCID-ts7c-u8g2-rqa4" }, { "vulnerability": "VCID-vyxk-cz2r-ffgf" }, { "vulnerability": "VCID-w1qj-n768-hbar" }, { "vulnerability": "VCID-yhn2-ctzh-ducy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/64353?format=api", "purl": "pkg:conan/openssl@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3g6n-ujyv-jub3" }, { "vulnerability": "VCID-5rhg-tvzd-h7es" }, { "vulnerability": "VCID-8q7w-7je3-zkgt" }, { "vulnerability": "VCID-as38-bfar-q3hh" }, { "vulnerability": "VCID-m7sy-6spe-6yau" }, { "vulnerability": "VCID-mm8w-472m-puea" }, { "vulnerability": "VCID-mnkq-e45g-fyfw" }, { "vulnerability": "VCID-nx5k-32hq-yuh4" }, { "vulnerability": "VCID-sd2f-6nk6-dua6" }, { "vulnerability": "VCID-vyxk-cz2r-ffgf" }, { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.0" } ], "references": [ { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/43", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2023/Jul/43" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5" }, { "reference_url": "https://www.openssl.org/news/secadv/20230731.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openssl.org/news/secadv/20230731.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/07/31/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", "reference_id": "CVE-2023-3817", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 834, "name": "Excessive Iteration", "description": "The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w1qj-n768-hbar" }