Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-4fcw-qdwc-4ycd

Summary security update

Aliases

alias	CVE-2014-9087

Fixed_packages

url	pkg:deb/debian/gnupg2@0?distro=trixie
purl	pkg:deb/debian/gnupg2@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@0%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zx65-nc6s-8yf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.27-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zx65-nc6s-8yf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.40-1.1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79fy-gfr6-zkgq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.7-21%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.4.9-4?distro=trixie

purl pkg:deb/debian/gnupg2@2.4.9-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79fy-gfr6-zkgq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.9-4%3Fdistro=trixie

url pkg:deb/debian/libksba@1.2.0-2%2Bdeb7u1

purl pkg:deb/debian/libksba@1.2.0-2%2Bdeb7u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2k1z-c7zj-8kc7

vulnerability	VCID-3fjq-1b8h-f3dn

vulnerability	VCID-4fcw-qdwc-4ycd

vulnerability	VCID-7p37-h69u-kkam

vulnerability	VCID-hj28-x236-9ufu

vulnerability	VCID-hkv6-bqra-k7hp

vulnerability	VCID-natd-8zu1-kkba

vulnerability	VCID-suva-8fdh-6fby

vulnerability	VCID-ywyd-pve8-ybhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.2.0-2%252Bdeb7u1

url pkg:deb/debian/libksba@1.3.2-1

purl pkg:deb/debian/libksba@1.3.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2k1z-c7zj-8kc7

vulnerability	VCID-3fjq-1b8h-f3dn

vulnerability	VCID-7p37-h69u-kkam

vulnerability	VCID-hj28-x236-9ufu

vulnerability	VCID-hkv6-bqra-k7hp

vulnerability	VCID-natd-8zu1-kkba

vulnerability	VCID-suva-8fdh-6fby

vulnerability	VCID-ywyd-pve8-ybhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.3.2-1

url	pkg:deb/debian/libksba@1.3.2-1?distro=trixie
purl	pkg:deb/debian/libksba@1.3.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.3.2-1%3Fdistro=trixie

url	pkg:deb/debian/libksba@1.5.0-3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/libksba@1.5.0-3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.5.0-3%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/libksba@1.6.3-2?distro=trixie
purl	pkg:deb/debian/libksba@1.6.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.6.3-2%3Fdistro=trixie

url	pkg:deb/debian/libksba@1.6.7-2?distro=trixie
purl	pkg:deb/debian/libksba@1.6.7-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.6.7-2%3Fdistro=trixie

url	pkg:deb/debian/libksba@1.6.8-2?distro=trixie
purl	pkg:deb/debian/libksba@1.6.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.6.8-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/libksba@0.9.9-2

purl pkg:deb/debian/libksba@0.9.9-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2k1z-c7zj-8kc7

vulnerability	VCID-3fjq-1b8h-f3dn

vulnerability	VCID-4fcw-qdwc-4ycd

vulnerability	VCID-7p37-h69u-kkam

vulnerability	VCID-h2ef-5mj3-t7ay

vulnerability	VCID-hj28-x236-9ufu

vulnerability	VCID-hkv6-bqra-k7hp

vulnerability	VCID-natd-8zu1-kkba

vulnerability	VCID-suva-8fdh-6fby

vulnerability	VCID-ywyd-pve8-ybhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@0.9.9-2

url pkg:deb/debian/libksba@1.0.0-1

purl pkg:deb/debian/libksba@1.0.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2k1z-c7zj-8kc7

vulnerability	VCID-3fjq-1b8h-f3dn

vulnerability	VCID-4fcw-qdwc-4ycd

vulnerability	VCID-7p37-h69u-kkam

vulnerability	VCID-hj28-x236-9ufu

vulnerability	VCID-hkv6-bqra-k7hp

vulnerability	VCID-natd-8zu1-kkba

vulnerability	VCID-suva-8fdh-6fby

vulnerability	VCID-ywyd-pve8-ybhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.0.0-1

url pkg:deb/debian/libksba@1.0.3-1

purl pkg:deb/debian/libksba@1.0.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2k1z-c7zj-8kc7

vulnerability	VCID-3fjq-1b8h-f3dn

vulnerability	VCID-4fcw-qdwc-4ycd

vulnerability	VCID-7p37-h69u-kkam

vulnerability	VCID-hj28-x236-9ufu

vulnerability	VCID-hkv6-bqra-k7hp

vulnerability	VCID-natd-8zu1-kkba

vulnerability	VCID-suva-8fdh-6fby

vulnerability	VCID-ywyd-pve8-ybhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.0.3-1

url pkg:deb/debian/libksba@1.0.7-2

purl pkg:deb/debian/libksba@1.0.7-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2k1z-c7zj-8kc7

vulnerability	VCID-3fjq-1b8h-f3dn

vulnerability	VCID-4fcw-qdwc-4ycd

vulnerability	VCID-7p37-h69u-kkam

vulnerability	VCID-hj28-x236-9ufu

vulnerability	VCID-hkv6-bqra-k7hp

vulnerability	VCID-natd-8zu1-kkba

vulnerability	VCID-suva-8fdh-6fby

vulnerability	VCID-ywyd-pve8-ybhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.0.7-2

url pkg:deb/debian/libksba@1.0.7-2%2Bdeb6u1

purl pkg:deb/debian/libksba@1.0.7-2%2Bdeb6u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2k1z-c7zj-8kc7

vulnerability	VCID-3fjq-1b8h-f3dn

vulnerability	VCID-4fcw-qdwc-4ycd

vulnerability	VCID-7p37-h69u-kkam

vulnerability	VCID-hj28-x236-9ufu

vulnerability	VCID-hkv6-bqra-k7hp

vulnerability	VCID-natd-8zu1-kkba

vulnerability	VCID-suva-8fdh-6fby

vulnerability	VCID-ywyd-pve8-ybhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.0.7-2%252Bdeb6u1

url pkg:deb/debian/libksba@1.2.0-2%2Bdeb7u1

purl pkg:deb/debian/libksba@1.2.0-2%2Bdeb7u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2k1z-c7zj-8kc7

vulnerability	VCID-3fjq-1b8h-f3dn

vulnerability	VCID-4fcw-qdwc-4ycd

vulnerability	VCID-7p37-h69u-kkam

vulnerability	VCID-hj28-x236-9ufu

vulnerability	VCID-hkv6-bqra-k7hp

vulnerability	VCID-natd-8zu1-kkba

vulnerability	VCID-suva-8fdh-6fby

vulnerability	VCID-ywyd-pve8-ybhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libksba@1.2.0-2%252Bdeb7u1

References

reference_url	http://advisories.mageia.org/MGASA-2014-0498.html
reference_id
reference_type
scores
url	http://advisories.mageia.org/MGASA-2014-0498.html

reference_url	http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
reference_id
reference_type
scores
url	http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9087.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9087.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9087

reference_id

reference_type

scores

value	0.06903
scoring_system	epss
scoring_elements	0.91416
published_at	2026-04-21T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91342
published_at	2026-04-01T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91348
published_at	2026-04-02T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91359
published_at	2026-04-04T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91366
published_at	2026-04-07T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91378
published_at	2026-04-08T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91385
published_at	2026-04-09T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91392
published_at	2026-04-11T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91394
published_at	2026-04-12T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91393
published_at	2026-04-13T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91419
published_at	2026-04-16T12:55:00Z

value	0.06903
scoring_system	epss
scoring_elements	0.91415
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9087

reference_url	https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html
reference_id
reference_type
scores
url	https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9087
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9087

reference_url	http://secunia.com/advisories/60073
reference_id
reference_type
scores
url	http://secunia.com/advisories/60073

reference_url	http://secunia.com/advisories/60189
reference_id
reference_type
scores
url	http://secunia.com/advisories/60189

reference_url	http://secunia.com/advisories/60233
reference_id
reference_type
scores
url	http://secunia.com/advisories/60233

reference_url	http://www.debian.org/security/2014/dsa-3078
reference_id
reference_type
scores
url	http://www.debian.org/security/2014/dsa-3078

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2014:234
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2014:234

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2015:151
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2015:151

reference_url	http://www.securityfocus.com/bid/71285
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/71285

reference_url	http://www.ubuntu.com/usn/USN-2427-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2427-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1168051
reference_id	1168051
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1168051

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770972
reference_id	770972
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770972

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.1.0:-::::::
reference_id	cpe:2.3:a:gnupg:gnupg:2.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.1.0:beta1::::::
reference_id	cpe:2.3:a:gnupg:gnupg:2.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libksba::::::::
reference_id	cpe:2.3:a:gnupg:libksba::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libksba::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:3.0:::::::*
reference_id	cpe:2.3:o:mageia:mageia:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:4.0:::::::*
reference_id	cpe:2.3:o:mageia:mageia:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:4.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-9087

reference_id

CVE-2014-9087

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-9087

reference_url	https://usn.ubuntu.com/2427-1/
reference_id	USN-2427-1
reference_type
scores
url	https://usn.ubuntu.com/2427-1/

Weaknesses

cwe_id	190
name	Integer Overflow or Wraparound
description	The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

cwe_id	122
name	Heap-based Buffer Overflow
description	A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

cwe_id	191
name	Integer Underflow (Wrap or Wraparound)
description	The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Exploits

Severity_range_score 7.5 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4fcw-qdwc-4ycd

Vulnerability Instance