{"url":"http://public2.vulnerablecode.io/api/packages/100674?format=json","purl":"pkg:deb/debian/krb5@1.3.3-2?distro=trixie","type":"deb","namespace":"debian","name":"krb5","version":"1.3.3-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.3.4-3","latest_non_vulnerable_version":"1.22.1-2.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74886?format=json","vulnerability_id":"VCID-4ytu-abds-63fx","summary":"The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka \"buffer underrun\").","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0082.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0082","reference_id":"","reference_type":"","scores":[{"value":"0.02545","scoring_system":"epss","scoring_elements":"0.85749","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02545","scoring_system":"epss","scoring_elements":"0.85771","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02545","scoring_system":"epss","scoring_elements":"0.85774","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02545","scoring_system":"epss","scoring_elements":"0.8577","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02545","scoring_system":"epss","scoring_elements":"0.85754","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02545","scoring_system":"epss","scoring_elements":"0.85769","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0082"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616960","reference_id":"1616960","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:051","reference_id":"RHSA-2003:051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:052","reference_id":"RHSA-2003:052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:091","reference_id":"RHSA-2003:091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:168","reference_id":"RHSA-2003:168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:168"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100674?format=json","purl":"pkg:deb/debian/krb5@1.3.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.3.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100669?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100667?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100671?format=json","purl":"pkg:deb/debian/krb5@1.21.3-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.21.3-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100670?format=json","purl":"pkg:deb/debian/krb5@1.22.1-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.22.1-2.1%3Fdistro=trixie"}],"aliases":["CVE-2003-0082"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ytu-abds-63fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74889?format=json","vulnerability_id":"VCID-mdaz-fc4j-zkb3","summary":"Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0523.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0523.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0523","reference_id":"","reference_type":"","scores":[{"value":"0.25929","scoring_system":"epss","scoring_elements":"0.96371","published_at":"2026-06-04T12:55:00Z"},{"value":"0.25929","scoring_system":"epss","scoring_elements":"0.96376","published_at":"2026-06-05T12:55:00Z"},{"value":"0.25929","scoring_system":"epss","scoring_elements":"0.9638","published_at":"2026-06-08T12:55:00Z"},{"value":"0.25929","scoring_system":"epss","scoring_elements":"0.96385","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0523","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0523"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617223","reference_id":"1617223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:236","reference_id":"RHSA-2004:236","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100674?format=json","purl":"pkg:deb/debian/krb5@1.3.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.3.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100669?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100667?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100671?format=json","purl":"pkg:deb/debian/krb5@1.21.3-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.21.3-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100670?format=json","purl":"pkg:deb/debian/krb5@1.22.1-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.22.1-2.1%3Fdistro=trixie"}],"aliases":["CVE-2004-0523"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdaz-fc4j-zkb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66024?format=json","vulnerability_id":"VCID-tcxv-j2tr-1yhb","summary":"Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0028.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0028.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0028","reference_id":"","reference_type":"","scores":[{"value":"0.56051","scoring_system":"epss","scoring_elements":"0.9814","published_at":"2026-06-04T12:55:00Z"},{"value":"0.56051","scoring_system":"epss","scoring_elements":"0.98142","published_at":"2026-06-09T12:55:00Z"},{"value":"0.56051","scoring_system":"epss","scoring_elements":"0.98143","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0028"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0028","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0028"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616941","reference_id":"1616941","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:051","reference_id":"RHSA-2003:051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:052","reference_id":"RHSA-2003:052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:089","reference_id":"RHSA-2003:089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:090","reference_id":"RHSA-2003:090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:091","reference_id":"RHSA-2003:091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:168","reference_id":"RHSA-2003:168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:212","reference_id":"RHSA-2003:212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:212"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100674?format=json","purl":"pkg:deb/debian/krb5@1.3.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.3.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100669?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100667?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100671?format=json","purl":"pkg:deb/debian/krb5@1.21.3-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.21.3-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100670?format=json","purl":"pkg:deb/debian/krb5@1.22.1-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.22.1-2.1%3Fdistro=trixie"}],"aliases":["CVE-2003-0028"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcxv-j2tr-1yhb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.3.3-2%3Fdistro=trixie"}