Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/88669?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88669?format=api", "vulnerability_id": "VCID-k2r6-f34x-guge", "summary": "kernel: splice: fix bad unlock_page() in error case", "aliases": [ { "alias": "CVE-2008-4302" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/128800?format=api", "purl": "pkg:rpm/redhat/kernel@2.6.18-92.1.18?arch=el5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3s7g-w417-u3f7" }, { "vulnerability": "VCID-hjz4-81cy-w7az" }, { "vulnerability": "VCID-j2ym-frqh-8ugt" }, { "vulnerability": "VCID-jcyz-npd9-jugr" }, { "vulnerability": "VCID-k2r6-f34x-guge" }, { "vulnerability": "VCID-nvjg-9rzb-dufu" }, { "vulnerability": "VCID-qv5k-g3b6-hfc2" }, { "vulnerability": "VCID-r92j-bk4h-fqdn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kernel@2.6.18-92.1.18%3Farch=el5" } ], "references": [ { "reference_url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=6a860c979b35469e4d77da781a96bdb2ca05ae64", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=6a860c979b35469e4d77da781a96bdb2ca05ae64" }, { "reference_url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" }, { "reference_url": "http://lkml.org/lkml/2007/7/20/168", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lkml.org/lkml/2007/7/20/168" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4302.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36023", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36109", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36328", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36502", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36536", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36374", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36424", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36444", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36452", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36417", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36395", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36436", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36419", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36363", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36139", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4302" }, { "reference_url": "http://secunia.com/advisories/32237", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32237" }, { "reference_url": "http://secunia.com/advisories/32485", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32485" }, { "reference_url": "http://secunia.com/advisories/32759", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32759" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45191" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10547" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1653", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1653" }, { "reference_url": "http://www.juniper.net/security/auto/vulnerabilities/vuln31201.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln31201.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/16/10", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2008/09/16/10" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html" }, { "reference_url": "http://www.securityfocus.com/bid/31201", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/31201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=462434", "reference_id": "462434", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=462434" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4302", "reference_id": "CVE-2008-4302", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4302" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32384.txt", "reference_id": "CVE-2008-4302;OSVDB-49898", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32384.txt" }, { "reference_url": "https://www.securityfocus.com/bid/31201/info", "reference_id": "CVE-2008-4302;OSVDB-49898", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/31201/info" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0957", "reference_id": "RHSA-2008:0957", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0957" } ], "weaknesses": [ { "cwe_id": 667, "name": "Improper Locking", "description": "The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors." } ], "exploits": [ { "date_added": "2007-07-20", "description": "Linux Kernel 2.6.x - 'add_to_page_cache_lru()' Local Denial of Service", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2007-07-20", "exploit_type": "dos", "platform": "linux", "source_date_updated": "2014-03-20", "data_source": "Exploit-DB", "source_url": "https://www.securityfocus.com/bid/31201/info" } ], "severity_range_score": "4.9 - 5.5", "exploitability": "2.0", "weighted_severity": "5.0", "risk_score": 10.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2r6-f34x-guge" }