Vulnerabilities affecting this package (0)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

Vulnerabilities fixed by this package (3)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3btj-hzd1-1kgn | A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. | CVE-2020-15969 |
| VCID-gvxx-721z-mkcu | When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. | CVE-2020-15682 |
| VCID-xp2x-v77v-9fbw | In the crossbeam Rust crate, the bounded channel incorrectly assumed that Vec::from_iter had allocated capacity that was the same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec from the raw pointer based on the incorrect assumptions; this is unsound and caused a deallocation with the incorrect capacity when Vec::from_iter had allocated different sizes than the number of iterator elements. The impact on Firefox is undetermined, but in another use case, the behavior was causing corruption of jemalloc structures. | CVE-2020-15254, GHSA-v5m7-53cv-f3hx |