Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/8664?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8664?format=api", "vulnerability_id": "VCID-hkfz-s2ek-xbb7", "summary": "A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.", "aliases": [ { "alias": "CVE-2019-25078" }, { "alias": "PYSEC-2022-43062" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/415945?format=api", "purl": "pkg:deb/debian/pacparser@1.3.6-1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacparser@1.3.6-1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/201631?format=api", "purl": "pkg:deb/debian/pacparser@1.3.6-1.4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacparser@1.3.6-1.4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/201633?format=api", "purl": "pkg:deb/debian/pacparser@1.4.5-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacparser@1.4.5-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/201632?format=api", "purl": "pkg:deb/debian/pacparser@1.5.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacparser@1.5.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/29172?format=api", "purl": "pkg:pypi/pacparser@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.4.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/415944?format=api", "purl": "pkg:deb/debian/pacparser@1.3.6-1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacparser@1.3.6-1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/201630?format=api", "purl": "pkg:deb/debian/pacparser@1.3.6-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pacparser@1.3.6-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/29160?format=api", "purl": "pkg:pypi/pacparser@1.3.7rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.3.7rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/29161?format=api", "purl": "pkg:pypi/pacparser@1.3.7rc5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.3.7rc5" }, { "url": "http://public2.vulnerablecode.io/api/packages/29162?format=api", "purl": "pkg:pypi/pacparser@1.3.7rc6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.3.7rc6" }, { "url": "http://public2.vulnerablecode.io/api/packages/29163?format=api", "purl": "pkg:pypi/pacparser@1.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/29164?format=api", "purl": "pkg:pypi/pacparser@1.3.8.dev15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.3.8.dev15" }, { "url": "http://public2.vulnerablecode.io/api/packages/29165?format=api", "purl": "pkg:pypi/pacparser@1.3.8.dev18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.3.8.dev18" }, { "url": "http://public2.vulnerablecode.io/api/packages/29166?format=api", "purl": "pkg:pypi/pacparser@1.3.8.dev39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.3.8.dev39" }, { "url": "http://public2.vulnerablecode.io/api/packages/29167?format=api", "purl": "pkg:pypi/pacparser@1.3.9.dev7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.3.9.dev7" }, { "url": "http://public2.vulnerablecode.io/api/packages/29168?format=api", "purl": "pkg:pypi/pacparser@1.3.9.dev8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.3.9.dev8" }, { "url": "http://public2.vulnerablecode.io/api/packages/29169?format=api", "purl": "pkg:pypi/pacparser@1.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/29170?format=api", "purl": "pkg:pypi/pacparser@1.4.0.dev1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.4.0.dev1" }, { "url": "http://public2.vulnerablecode.io/api/packages/29171?format=api", "purl": "pkg:pypi/pacparser@1.4.0.dev3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkfz-s2ek-xbb7" }, { "vulnerability": "VCID-yjjr-re41-dbde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.4.0.dev3" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-25078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40667", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-25078" }, { "reference_url": "https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9" }, { "reference_url": "https://github.com/manugarg/pacparser/issues/99", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/manugarg/pacparser/issues/99" }, { "reference_url": "https://github.com/manugarg/pacparser/releases/tag/v1.4.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/manugarg/pacparser/releases/tag/v1.4.0" }, { "reference_url": "https://vuldb.com/?id.215443", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://vuldb.com/?id.215443" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026106", "reference_id": "1026106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026106" } ], "weaknesses": [], "exploits": [], "severity_range_score": "7.8 - 7.8", "exploitability": "0.5", "weighted_severity": "7.0", "risk_score": 3.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkfz-s2ek-xbb7" }