Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-x4bu-4ex7-37cd

Summary bind: Lookups involving a DNAME could trigger an assertion failure when 'synth-from-dnssec' was enabled (which is the default)

Aliases

alias	CVE-2022-0635

Fixed_packages

url	pkg:alpm/archlinux/bind@9.18.1-1
purl	pkg:alpm/archlinux/bind@9.18.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1

url	pkg:deb/debian/bind9@0?distro=trixie
purl	pkg:deb/debian/bind9@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bind9@0%3Fdistro=trixie

url pkg:deb/debian/bind9@1:9.16.50-1~deb11u2?distro=trixie

purl pkg:deb/debian/bind9@1:9.16.50-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d9np-47r3-rkg1

vulnerability	VCID-gdhz-6yzf-afda

vulnerability	VCID-unqt-mcxv-c7fw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bind9@1:9.16.50-1~deb11u2%3Fdistro=trixie

url	pkg:deb/debian/bind9@1:9.18.1-1?distro=trixie
purl	pkg:deb/debian/bind9@1:9.18.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bind9@1:9.18.1-1%3Fdistro=trixie

url pkg:deb/debian/bind9@1:9.18.41-1~deb12u1?distro=trixie

purl pkg:deb/debian/bind9@1:9.18.41-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d9np-47r3-rkg1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bind9@1:9.18.41-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/bind9@1:9.20.18-1~deb13u1?distro=trixie
purl	pkg:deb/debian/bind9@1:9.20.18-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bind9@1:9.20.18-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/bind9@1:9.20.21-1?distro=trixie
purl	pkg:deb/debian/bind9@1:9.20.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bind9@1:9.20.21-1%3Fdistro=trixie

url	pkg:deb/debian/bind9@1:9.20.22-1?distro=trixie
purl	pkg:deb/debian/bind9@1:9.20.22-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bind9@1:9.20.22-1%3Fdistro=trixie

Affected_packages

url pkg:alpm/archlinux/bind@9.18.0-1

purl pkg:alpm/archlinux/bind@9.18.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67zf-a3r9-wqcv

vulnerability	VCID-b3u2-wjzm-duhc

vulnerability	VCID-x4bu-4ex7-37cd

vulnerability	VCID-zgnn-ckqt-43fq

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.0-1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0635.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0635.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0635

reference_id

reference_type

scores

value	0.00781
scoring_system	epss
scoring_elements	0.73649
published_at	2026-04-01T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73748
published_at	2026-04-18T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73697
published_at	2026-04-13T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.7374
published_at	2026-04-16T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73658
published_at	2026-04-02T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73682
published_at	2026-04-04T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73654
published_at	2026-04-07T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.7369
published_at	2026-04-08T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73703
published_at	2026-04-09T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73724
published_at	2026-04-11T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73706
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0635

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064514
reference_id	2064514
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064514

reference_url	https://security.archlinux.org/ASA-202204-5
reference_id	ASA-202204-5
reference_type
scores
url	https://security.archlinux.org/ASA-202204-5

reference_url

https://security.archlinux.org/AVG-2661

reference_id

AVG-2661

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2661

Weaknesses

cwe_id	617
name	Reachable Assertion
description	The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4bu-4ex7-37cd

Vulnerability Instance