Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-qeyh-2f6t-bbbb

Summary Multiple vulnerabilities in glibc could result in Local Privilege Escalation.

Aliases

alias	CVE-2023-5156

Fixed_packages

url	pkg:deb/debian/glibc@0?distro=trixie
purl	pkg:deb/debian/glibc@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glibc@0%3Fdistro=trixie

url pkg:deb/debian/glibc@2.31-13%2Bdeb11u11?distro=trixie

purl pkg:deb/debian/glibc@2.31-13%2Bdeb11u11?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3e43-r92j-hkd3

vulnerability	VCID-9nqp-tfvr-ayen

vulnerability	VCID-jswq-6ru6-wybc

vulnerability	VCID-kukb-s61t-pbc3

vulnerability	VCID-nwfb-xnks-1kg7

vulnerability	VCID-ssnc-wdcf-sfc9

vulnerability	VCID-tcpv-4crc-zuap

vulnerability	VCID-us68-psx5-zude

vulnerability	VCID-zn6t-3mvb-wufm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glibc@2.31-13%252Bdeb11u11%3Fdistro=trixie

url pkg:deb/debian/glibc@2.36-9%2Bdeb12u13?distro=trixie

purl pkg:deb/debian/glibc@2.36-9%2Bdeb12u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3e43-r92j-hkd3

vulnerability	VCID-nwfb-xnks-1kg7

vulnerability	VCID-ssnc-wdcf-sfc9

vulnerability	VCID-tcpv-4crc-zuap

vulnerability	VCID-us68-psx5-zude

vulnerability	VCID-zn6t-3mvb-wufm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glibc@2.36-9%252Bdeb12u13%3Fdistro=trixie

url	pkg:deb/debian/glibc@2.37-11?distro=trixie
purl	pkg:deb/debian/glibc@2.37-11?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glibc@2.37-11%3Fdistro=trixie

url pkg:deb/debian/glibc@2.41-12%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/glibc@2.41-12%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3e43-r92j-hkd3

vulnerability	VCID-nwfb-xnks-1kg7

vulnerability	VCID-us68-psx5-zude

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glibc@2.41-12%252Bdeb13u2%3Fdistro=trixie

url pkg:deb/debian/glibc@2.42-13?distro=trixie

purl pkg:deb/debian/glibc@2.42-13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3e43-r92j-hkd3

vulnerability	VCID-nwfb-xnks-1kg7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glibc@2.42-13%3Fdistro=trixie

url pkg:deb/debian/glibc@2.42-14?distro=trixie

purl pkg:deb/debian/glibc@2.42-14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-us68-psx5-zude

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glibc@2.42-14%3Fdistro=trixie

url	pkg:deb/debian/glibc@2.42-15?distro=trixie
purl	pkg:deb/debian/glibc@2.42-15?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glibc@2.42-15%3Fdistro=trixie

url	pkg:ebuild/sys-libs/glibc@2.38-r10
purl	pkg:ebuild/sys-libs/glibc@2.38-r10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-libs/glibc@2.38-r10

Affected_packages

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5156.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5156.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5156

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.1714
published_at	2026-04-21T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18304
published_at	2026-04-02T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18144
published_at	2026-04-08T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18199
published_at	2026-04-09T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18204
published_at	2026-04-11T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18157
published_at	2026-04-12T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18106
published_at	2026-04-13T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18049
published_at	2026-04-16T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18062
published_at	2026-04-18T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18359
published_at	2026-04-04T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18061
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5156

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053002
reference_id	1053002
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053002

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2240541

reference_id

2240541

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:03:45Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2240541

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2023-5156

reference_id

CVE-2023-5156

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:03:45Z/

url

https://access.redhat.com/security/cve/CVE-2023-5156

reference_url	https://security.gentoo.org/glsa/202402-01
reference_id	GLSA-202402-01
reference_type
scores
url	https://security.gentoo.org/glsa/202402-01

reference_url

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796

reference_id

?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:03:45Z/

url

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796

reference_url

https://sourceware.org/bugzilla/show_bug.cgi?id=30884

reference_id

show_bug.cgi?id=30884

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:03:45Z/

url

https://sourceware.org/bugzilla/show_bug.cgi?id=30884

reference_url	https://usn.ubuntu.com/6541-1/
reference_id	USN-6541-1
reference_type
scores
url	https://usn.ubuntu.com/6541-1/

Weaknesses

cwe_id	401
name	Missing Release of Memory after Effective Lifetime
description	The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Exploits

Severity_range_score 3.7 - 7.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qeyh-2f6t-bbbb

Vulnerability Instance