Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-nfzs-w4pe-bubj

Summary gnupg2: memcpy with overlapping ranges (keybox_search.c)

Aliases

alias	CVE-2015-1607

Fixed_packages

url	pkg:deb/debian/gnupg2@2.0.26-5?distro=trixie
purl	pkg:deb/debian/gnupg2@2.0.26-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.26-5%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.0.26-6

purl pkg:deb/debian/gnupg2@2.0.26-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9cm4-mu3q-2yey

vulnerability	VCID-9jj4-5uem-kkbs

vulnerability	VCID-ba35-1hmw-m3hg

vulnerability	VCID-ng6k-ru7r-9kdp

vulnerability	VCID-qapz-hmnm-x7dd

vulnerability	VCID-rqt5-xvxx-47h6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.26-6

url pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zx65-nc6s-8yf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.27-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/gnupg2@2.2.40-1.1%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zx65-nc6s-8yf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.2.40-1.1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79fy-gfr6-zkgq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.7-21%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/gnupg2@2.4.9-4?distro=trixie

purl pkg:deb/debian/gnupg2@2.4.9-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79fy-gfr6-zkgq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.4.9-4%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/gnupg2@1.9.15-6sarge2

purl pkg:deb/debian/gnupg2@1.9.15-6sarge2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jt3-2y11-yuc5

vulnerability	VCID-3vdu-cchd-ekcp

vulnerability	VCID-4jxu-65cg-gbag

vulnerability	VCID-9cm4-mu3q-2yey

vulnerability	VCID-9jj4-5uem-kkbs

vulnerability	VCID-ba35-1hmw-m3hg

vulnerability	VCID-c2pw-ysyx-q7an

vulnerability	VCID-e1yx-b7wn-83af

vulnerability	VCID-mhw6-1d6f-pbcp

vulnerability	VCID-n34c-87th-d7gz

vulnerability	VCID-nfzs-w4pe-bubj

vulnerability	VCID-ng6k-ru7r-9kdp

vulnerability	VCID-qapz-hmnm-x7dd

vulnerability	VCID-rqt5-xvxx-47h6

vulnerability	VCID-st4p-dn2v-dbg3

vulnerability	VCID-vmyv-5rvk-akh3

vulnerability	VCID-xgfe-d1s6-eufu

vulnerability	VCID-y6zm-whbe-gfg4

vulnerability	VCID-zytz-gsnc-yqh9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@1.9.15-6sarge2

url pkg:deb/debian/gnupg2@2.0.0-5.2

purl pkg:deb/debian/gnupg2@2.0.0-5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jt3-2y11-yuc5

vulnerability	VCID-3vdu-cchd-ekcp

vulnerability	VCID-9cm4-mu3q-2yey

vulnerability	VCID-9jj4-5uem-kkbs

vulnerability	VCID-ba35-1hmw-m3hg

vulnerability	VCID-e1yx-b7wn-83af

vulnerability	VCID-mhw6-1d6f-pbcp

vulnerability	VCID-n34c-87th-d7gz

vulnerability	VCID-nfzs-w4pe-bubj

vulnerability	VCID-ng6k-ru7r-9kdp

vulnerability	VCID-qapz-hmnm-x7dd

vulnerability	VCID-rqt5-xvxx-47h6

vulnerability	VCID-st4p-dn2v-dbg3

vulnerability	VCID-vmyv-5rvk-akh3

vulnerability	VCID-zytz-gsnc-yqh9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.0-5.2

url pkg:deb/debian/gnupg2@2.0.9-3.1%2Blenny1

purl pkg:deb/debian/gnupg2@2.0.9-3.1%2Blenny1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jt3-2y11-yuc5

vulnerability	VCID-9cm4-mu3q-2yey

vulnerability	VCID-9jj4-5uem-kkbs

vulnerability	VCID-ba35-1hmw-m3hg

vulnerability	VCID-mhw6-1d6f-pbcp

vulnerability	VCID-n34c-87th-d7gz

vulnerability	VCID-nfzs-w4pe-bubj

vulnerability	VCID-ng6k-ru7r-9kdp

vulnerability	VCID-qapz-hmnm-x7dd

vulnerability	VCID-rqt5-xvxx-47h6

vulnerability	VCID-st4p-dn2v-dbg3

vulnerability	VCID-vmyv-5rvk-akh3

vulnerability	VCID-zytz-gsnc-yqh9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.9-3.1%252Blenny1

url pkg:deb/debian/gnupg2@2.0.14-2%2Bsqueeze2

purl pkg:deb/debian/gnupg2@2.0.14-2%2Bsqueeze2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jt3-2y11-yuc5

vulnerability	VCID-9cm4-mu3q-2yey

vulnerability	VCID-9jj4-5uem-kkbs

vulnerability	VCID-ba35-1hmw-m3hg

vulnerability	VCID-mhw6-1d6f-pbcp

vulnerability	VCID-nfzs-w4pe-bubj

vulnerability	VCID-ng6k-ru7r-9kdp

vulnerability	VCID-qapz-hmnm-x7dd

vulnerability	VCID-rqt5-xvxx-47h6

vulnerability	VCID-st4p-dn2v-dbg3

vulnerability	VCID-vmyv-5rvk-akh3

vulnerability	VCID-zytz-gsnc-yqh9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.14-2%252Bsqueeze2

url pkg:deb/debian/gnupg2@2.0.14-2%2Bsqueeze3

purl pkg:deb/debian/gnupg2@2.0.14-2%2Bsqueeze3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jt3-2y11-yuc5

vulnerability	VCID-9cm4-mu3q-2yey

vulnerability	VCID-9jj4-5uem-kkbs

vulnerability	VCID-ba35-1hmw-m3hg

vulnerability	VCID-mhw6-1d6f-pbcp

vulnerability	VCID-nfzs-w4pe-bubj

vulnerability	VCID-ng6k-ru7r-9kdp

vulnerability	VCID-qapz-hmnm-x7dd

vulnerability	VCID-rqt5-xvxx-47h6

vulnerability	VCID-st4p-dn2v-dbg3

vulnerability	VCID-vmyv-5rvk-akh3

vulnerability	VCID-zytz-gsnc-yqh9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.14-2%252Bsqueeze3

url pkg:deb/debian/gnupg2@2.0.19-2%2Bdeb7u2

purl pkg:deb/debian/gnupg2@2.0.19-2%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jt3-2y11-yuc5

vulnerability	VCID-9cm4-mu3q-2yey

vulnerability	VCID-9jj4-5uem-kkbs

vulnerability	VCID-ba35-1hmw-m3hg

vulnerability	VCID-mhw6-1d6f-pbcp

vulnerability	VCID-nfzs-w4pe-bubj

vulnerability	VCID-ng6k-ru7r-9kdp

vulnerability	VCID-qapz-hmnm-x7dd

vulnerability	VCID-rqt5-xvxx-47h6

vulnerability	VCID-vmyv-5rvk-akh3

vulnerability	VCID-zytz-gsnc-yqh9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.19-2%252Bdeb7u2

url pkg:deb/debian/gnupg2@2.0.25-1~bpo70%2B1

purl pkg:deb/debian/gnupg2@2.0.25-1~bpo70%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jt3-2y11-yuc5

vulnerability	VCID-9cm4-mu3q-2yey

vulnerability	VCID-9jj4-5uem-kkbs

vulnerability	VCID-ba35-1hmw-m3hg

vulnerability	VCID-nfzs-w4pe-bubj

vulnerability	VCID-ng6k-ru7r-9kdp

vulnerability	VCID-qapz-hmnm-x7dd

vulnerability	VCID-rqt5-xvxx-47h6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg2@2.0.25-1~bpo70%252B1

References

reference_url	http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392
reference_id
reference_type
scores
url	http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1607.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1607.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1607

reference_id

reference_type

scores

value	0.0063
scoring_system	epss
scoring_elements	0.7031
published_at	2026-04-21T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70329
published_at	2026-04-18T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70214
published_at	2026-04-01T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70227
published_at	2026-04-02T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70244
published_at	2026-04-04T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70221
published_at	2026-04-07T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70267
published_at	2026-04-08T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70282
published_at	2026-04-09T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70306
published_at	2026-04-11T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70291
published_at	2026-04-12T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70279
published_at	2026-04-13T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.7032
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1607

reference_url	https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
reference_id
reference_type
scores
url	https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607

reference_url	https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html
reference_id
reference_type
scores
url	https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html

reference_url	https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html
reference_id
reference_type
scores
url	https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html

reference_url	https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
reference_id
reference_type
scores
url	https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html

reference_url	http://www.openwall.com/lists/oss-security/2015/02/13/14
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/02/13/14

reference_url	http://www.openwall.com/lists/oss-security/2015/02/14/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/02/14/6

reference_url	http://www.securityfocus.com/bid/72610
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/72610

reference_url	http://www.ubuntu.com/usn/usn-2554-1/
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-2554-1/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1193009
reference_id	1193009
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1193009

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778577
reference_id	778577
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778577

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg::::::::
reference_id	cpe:2.3:a:gnupg:gnupg::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-1607

reference_id

CVE-2015-1607

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2015-1607

reference_url	https://usn.ubuntu.com/2554-1/
reference_id	USN-2554-1
reference_type
scores
url	https://usn.ubuntu.com/2554-1/

Weaknesses

cwe_id	131
name	Incorrect Calculation of Buffer Size
description	The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploits

Severity_range_score 4.3 - 5.5

Exploitability 0.5

Weighted_severity 5.0

Risk_score 2.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfzs-w4pe-bubj

Vulnerability Instance