Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/c-ares@1.12.0-1%2Bdeb9u1
Type deb
Namespace debian
Name c-ares
Version 1.12.0-1+deb9u1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.34.5-1+deb13u1
Latest_non_vulnerable_version 1.34.5-1+deb13u1
Affected_by_vulnerabilities
0
url VCID-1xdz-dku3-qqc4
vulnerability_id VCID-1xdz-dku3-qqc4
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to the output of wrong hostnames, which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3672
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17144
published_at 2026-04-01T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17157
published_at 2026-04-13T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.1731
published_at 2026-04-02T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17358
published_at 2026-04-04T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17138
published_at 2026-04-07T12:55:00Z
5
value 0.00055
scoring_system epss
scoring_elements 0.17229
published_at 2026-04-08T12:55:00Z
6
value 0.00055
scoring_system epss
scoring_elements 0.17287
published_at 2026-04-09T12:55:00Z
7
value 0.00055
scoring_system epss
scoring_elements 0.17265
published_at 2026-04-11T12:55:00Z
8
value 0.00055
scoring_system epss
scoring_elements 0.17216
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3672
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1988342
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1988342
3
reference_url https://c-ares.haxx.se/adv_20210810.html
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/
url https://c-ares.haxx.se/adv_20210810.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053
reference_id 992053
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053
7
reference_url https://security.archlinux.org/ASA-202108-13
reference_id ASA-202108-13
reference_type
scores
url https://security.archlinux.org/ASA-202108-13
8
reference_url https://security.archlinux.org/AVG-2268
reference_id AVG-2268
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2268
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3672
reference_id CVE-2021-3672
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3672
10
reference_url https://security.gentoo.org/glsa/202401-02
reference_id GLSA-202401-02
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/
url https://security.gentoo.org/glsa/202401-02
11
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
12
reference_url https://access.redhat.com/errata/RHSA-2021:3280
reference_id RHSA-2021:3280
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3280
13
reference_url https://access.redhat.com/errata/RHSA-2021:3281
reference_id RHSA-2021:3281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3281
14
reference_url https://access.redhat.com/errata/RHSA-2021:3623
reference_id RHSA-2021:3623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3623
15
reference_url https://access.redhat.com/errata/RHSA-2021:3638
reference_id RHSA-2021:3638
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3638
16
reference_url https://access.redhat.com/errata/RHSA-2021:3639
reference_id RHSA-2021:3639
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3639
17
reference_url https://access.redhat.com/errata/RHSA-2021:3666
reference_id RHSA-2021:3666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3666
18
reference_url https://access.redhat.com/errata/RHSA-2022:2043
reference_id RHSA-2022:2043
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2043
19
reference_url https://usn.ubuntu.com/5034-1/
reference_id USN-5034-1
reference_type
scores
url https://usn.ubuntu.com/5034-1/
20
reference_url https://usn.ubuntu.com/5034-2/
reference_id USN-5034-2
reference_type
scores
url https://usn.ubuntu.com/5034-2/
fixed_packages
0
url pkg:deb/debian/c-ares@1.14.0-1%2Bdeb10u1
purl pkg:deb/debian/c-ares@1.14.0-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xdz-dku3-qqc4
1
vulnerability VCID-5vh6-usw6-2qhy
2
vulnerability VCID-gx39-xzj1-vfb7
3
vulnerability VCID-krvu-3d14-yudt
4
vulnerability VCID-m4sn-7wuq-e3cd
5
vulnerability VCID-pavw-rssx-53cg
6
vulnerability VCID-vezx-cgbw-zqdp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.14.0-1%252Bdeb10u1
1
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3
aliases CVE-2021-3672
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xdz-dku3-qqc4
1
url VCID-5vh6-usw6-2qhy
vulnerability_id VCID-5vh6-usw6-2qhy
summary
Improper Input Validation
A flaw was found in the c-ares package. The ares_set_sortlist function is missing checks on the validity of the input string, which allows a possible arbitrary-length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4904
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.37124
published_at 2026-04-02T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36999
published_at 2026-04-13T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.37156
published_at 2026-04-04T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.36987
published_at 2026-04-07T12:55:00Z
4
value 0.00161
scoring_system epss
scoring_elements 0.37037
published_at 2026-04-08T12:55:00Z
5
value 0.00161
scoring_system epss
scoring_elements 0.3705
published_at 2026-04-09T12:55:00Z
6
value 0.00161
scoring_system epss
scoring_elements 0.37059
published_at 2026-04-11T12:55:00Z
7
value 0.00161
scoring_system epss
scoring_elements 0.37025
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4904
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2168631
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2168631
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/c-ares/c-ares/issues/496
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://github.com/c-ares/c-ares/issues/496
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525
reference_id 1031525
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031525
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
reference_id 33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4904
reference_id CVE-2022-4904
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-4904
10
reference_url https://security.gentoo.org/glsa/202401-02
reference_id GLSA-202401-02
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:25:39Z/
url https://security.gentoo.org/glsa/202401-02
11
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
12
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
13
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
14
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
15
reference_url https://access.redhat.com/errata/RHSA-2023:1744
reference_id RHSA-2023:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1744
16
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
17
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
18
reference_url https://access.redhat.com/errata/RHSA-2023:4035
reference_id RHSA-2023:4035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4035
19
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
20
reference_url https://access.redhat.com/errata/RHSA-2023:6291
reference_id RHSA-2023:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6291
21
reference_url https://access.redhat.com/errata/RHSA-2023:6635
reference_id RHSA-2023:6635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6635
22
reference_url https://access.redhat.com/errata/RHSA-2023:7116
reference_id RHSA-2023:7116
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7116
23
reference_url https://access.redhat.com/errata/RHSA-2023:7368
reference_id RHSA-2023:7368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7368
24
reference_url https://access.redhat.com/errata/RHSA-2023:7543
reference_id RHSA-2023:7543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7543
25
reference_url https://usn.ubuntu.com/5907-1/
reference_id USN-5907-1
reference_type
scores
url https://usn.ubuntu.com/5907-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3
aliases CVE-2022-4904
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vh6-usw6-2qhy
2
url VCID-gx39-xzj1-vfb7
vulnerability_id VCID-gx39-xzj1-vfb7
summary c-ares: ares_destroy() with pending ares_getaddrinfo() leads to Use-After-Free
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14354.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14354.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14354
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.40602
published_at 2026-04-01T12:55:00Z
1
value 0.00188
scoring_system epss
scoring_elements 0.40687
published_at 2026-04-02T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.40715
published_at 2026-04-04T12:55:00Z
3
value 0.00188
scoring_system epss
scoring_elements 0.40637
published_at 2026-04-07T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.40688
published_at 2026-04-08T12:55:00Z
5
value 0.00188
scoring_system epss
scoring_elements 0.40697
published_at 2026-04-09T12:55:00Z
6
value 0.00188
scoring_system epss
scoring_elements 0.40714
published_at 2026-04-11T12:55:00Z
7
value 0.00188
scoring_system epss
scoring_elements 0.40679
published_at 2026-04-12T12:55:00Z
8
value 0.00188
scoring_system epss
scoring_elements 0.4066
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14354
2
reference_url https://c-ares.haxx.se/changelog.html
reference_id
reference_type
scores
url https://c-ares.haxx.se/changelog.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14354
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14354
4
reference_url https://packetstormsecurity.com/files/158755/GS20200804145053.txt
reference_id
reference_type
scores
url https://packetstormsecurity.com/files/158755/GS20200804145053.txt
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1866838
reference_id 1866838
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1866838
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14354
reference_id CVE-2020-14354
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-14354
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3
aliases CVE-2020-14354
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gx39-xzj1-vfb7
3
url VCID-krvu-3d14-yudt
vulnerability_id VCID-krvu-3d14-yudt
summary c-ares: Heap buffer over read in ares_parse_soa_reply
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22217.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-22217
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30187
published_at 2026-04-01T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30217
published_at 2026-04-02T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.30089
published_at 2026-04-13T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30179
published_at 2026-04-09T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30182
published_at 2026-04-11T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.30139
published_at 2026-04-12T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.30266
published_at 2026-04-04T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.30084
published_at 2026-04-07T12:55:00Z
8
value 0.00115
scoring_system epss
scoring_elements 0.30144
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-22217
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22217
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235527
reference_id 2235527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2235527
5
reference_url https://github.com/c-ares/c-ares/issues/333
reference_id 333
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/
url https://github.com/c-ares/c-ares/issues/333
6
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html
reference_id msg00014.html
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:59:20Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00014.html
7
reference_url https://access.redhat.com/errata/RHSA-2023:7207
reference_id RHSA-2023:7207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7207
8
reference_url https://access.redhat.com/errata/RHSA-2024:0419
reference_id RHSA-2024:0419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0419
9
reference_url https://access.redhat.com/errata/RHSA-2024:0578
reference_id RHSA-2024:0578
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0578
10
reference_url https://usn.ubuntu.com/6376-1/
reference_id USN-6376-1
reference_type
scores
url https://usn.ubuntu.com/6376-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3
aliases CVE-2020-22217
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-krvu-3d14-yudt
4
url VCID-m4sn-7wuq-e3cd
vulnerability_id VCID-m4sn-7wuq-e3cd
summary A Denial of Service vulnerability was discovered in c-ares.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8277
reference_id
reference_type
scores
0
value 0.59168
scoring_system epss
scoring_elements 0.98219
published_at 2026-04-01T12:55:00Z
1
value 0.59168
scoring_system epss
scoring_elements 0.98233
published_at 2026-04-13T12:55:00Z
2
value 0.59168
scoring_system epss
scoring_elements 0.98226
published_at 2026-04-07T12:55:00Z
3
value 0.59168
scoring_system epss
scoring_elements 0.9823
published_at 2026-04-09T12:55:00Z
4
value 0.59168
scoring_system epss
scoring_elements 0.98222
published_at 2026-04-02T12:55:00Z
5
value 0.59168
scoring_system epss
scoring_elements 0.98225
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8277
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/
5
reference_url https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/
reference_id
reference_type
scores
url https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1898554
reference_id 1898554
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1898554
7
reference_url https://security.archlinux.org/ASA-202011-18
reference_id ASA-202011-18
reference_type
scores
url https://security.archlinux.org/ASA-202011-18
8
reference_url https://security.archlinux.org/AVG-1280
reference_id AVG-1280
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1280
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8277
reference_id CVE-2020-8277
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-8277
10
reference_url https://security.gentoo.org/glsa/202012-11
reference_id GLSA-202012-11
reference_type
scores
url https://security.gentoo.org/glsa/202012-11
11
reference_url https://access.redhat.com/errata/RHSA-2020:5305
reference_id RHSA-2020:5305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5305
12
reference_url https://access.redhat.com/errata/RHSA-2020:5499
reference_id RHSA-2020:5499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5499
13
reference_url https://access.redhat.com/errata/RHSA-2021:0421
reference_id RHSA-2021:0421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0421
14
reference_url https://access.redhat.com/errata/RHSA-2021:0551
reference_id RHSA-2021:0551
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0551
15
reference_url https://usn.ubuntu.com/4638-1/
reference_id USN-4638-1
reference_type
scores
url https://usn.ubuntu.com/4638-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3
aliases CVE-2020-8277
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd
5
url VCID-pavw-rssx-53cg
vulnerability_id VCID-pavw-rssx-53cg
summary
Uncontrolled Resource Consumption
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns it to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32067.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32067
reference_id
reference_type
scores
0
value 0.00409
scoring_system epss
scoring_elements 0.61263
published_at 2026-04-02T12:55:00Z
1
value 0.00409
scoring_system epss
scoring_elements 0.61309
published_at 2026-04-13T12:55:00Z
2
value 0.00409
scoring_system epss
scoring_elements 0.61292
published_at 2026-04-04T12:55:00Z
3
value 0.00409
scoring_system epss
scoring_elements 0.6126
published_at 2026-04-07T12:55:00Z
4
value 0.00409
scoring_system epss
scoring_elements 0.61307
published_at 2026-04-08T12:55:00Z
5
value 0.00409
scoring_system epss
scoring_elements 0.61322
published_at 2026-04-09T12:55:00Z
6
value 0.00409
scoring_system epss
scoring_elements 0.61342
published_at 2026-04-11T12:55:00Z
7
value 0.00409
scoring_system epss
scoring_elements 0.61328
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32067
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2209502
reference_id 2209502
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2209502
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32067
reference_id CVE-2023-32067
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-32067
10
reference_url https://www.debian.org/security/2023/dsa-5419
reference_id dsa-5419
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://www.debian.org/security/2023/dsa-5419
11
reference_url https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
reference_id GHSA-9g78-jv2r-p7vc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
12
reference_url https://security.gentoo.org/glsa/202310-09
reference_id GLSA-202310-09
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://security.gentoo.org/glsa/202310-09
13
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
reference_id msg00034.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
14
reference_url https://security.netapp.com/advisory/ntap-20240605-0004/
reference_id ntap-20240605-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:37:41Z/
url https://security.netapp.com/advisory/ntap-20240605-0004/
15
reference_url https://access.redhat.com/errata/RHSA-2023:3559
reference_id RHSA-2023:3559
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3559
16
reference_url https://access.redhat.com/errata/RHSA-2023:3577
reference_id RHSA-2023:3577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3577
17
reference_url https://access.redhat.com/errata/RHSA-2023:3583
reference_id RHSA-2023:3583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3583
18
reference_url https://access.redhat.com/errata/RHSA-2023:3584
reference_id RHSA-2023:3584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3584
19
reference_url https://access.redhat.com/errata/RHSA-2023:3586
reference_id RHSA-2023:3586
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3586
20
reference_url https://access.redhat.com/errata/RHSA-2023:3660
reference_id RHSA-2023:3660
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3660
21
reference_url https://access.redhat.com/errata/RHSA-2023:3662
reference_id RHSA-2023:3662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3662
22
reference_url https://access.redhat.com/errata/RHSA-2023:3665
reference_id RHSA-2023:3665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3665
23
reference_url https://access.redhat.com/errata/RHSA-2023:3677
reference_id RHSA-2023:3677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3677
24
reference_url https://access.redhat.com/errata/RHSA-2023:3741
reference_id RHSA-2023:3741
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3741
25
reference_url https://access.redhat.com/errata/RHSA-2023:4033
reference_id RHSA-2023:4033
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4033
26
reference_url https://access.redhat.com/errata/RHSA-2023:4034
reference_id RHSA-2023:4034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4034
27
reference_url https://access.redhat.com/errata/RHSA-2023:4035
reference_id RHSA-2023:4035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4035
28
reference_url https://access.redhat.com/errata/RHSA-2023:4036
reference_id RHSA-2023:4036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4036
29
reference_url https://access.redhat.com/errata/RHSA-2023:4039
reference_id RHSA-2023:4039
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4039
30
reference_url https://usn.ubuntu.com/6164-1/
reference_id USN-6164-1
reference_type
scores
url https://usn.ubuntu.com/6164-1/
31
reference_url https://usn.ubuntu.com/6164-2/
reference_id USN-6164-2
reference_type
scores
url https://usn.ubuntu.com/6164-2/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3
aliases CVE-2023-32067, GHSA-9g78-jv2r-p7vc
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pavw-rssx-53cg
6
url VCID-vezx-cgbw-zqdp
vulnerability_id VCID-vezx-cgbw-zqdp
summary
Buffer Underwrite ('Buffer Underflow')
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain IPv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31130.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31130.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31130
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01772
published_at 2026-04-02T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01782
published_at 2026-04-13T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01785
published_at 2026-04-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01788
published_at 2026-04-08T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01801
published_at 2026-04-09T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01794
published_at 2026-04-11T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01784
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31130
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
4
reference_url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2209497
reference_id 2209497
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2209497
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31130
reference_id CVE-2023-31130
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31130
9
reference_url https://www.debian.org/security/2023/dsa-5419
reference_id dsa-5419
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://www.debian.org/security/2023/dsa-5419
10
reference_url https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
reference_id GHSA-x6mf-cxr9-8q6v
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
11
reference_url https://security.gentoo.org/glsa/202310-09
reference_id GLSA-202310-09
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://security.gentoo.org/glsa/202310-09
12
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
reference_id msg00034.html
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html
13
reference_url https://security.netapp.com/advisory/ntap-20240605-0005/
reference_id ntap-20240605-0005
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T18:35:37Z/
url https://security.netapp.com/advisory/ntap-20240605-0005/
14
reference_url https://access.redhat.com/errata/RHSA-2023:3577
reference_id RHSA-2023:3577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3577
15
reference_url https://access.redhat.com/errata/RHSA-2023:3586
reference_id RHSA-2023:3586
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3586
16
reference_url https://access.redhat.com/errata/RHSA-2023:4033
reference_id RHSA-2023:4033
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4033
17
reference_url https://access.redhat.com/errata/RHSA-2023:4034
reference_id RHSA-2023:4034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4034
18
reference_url https://access.redhat.com/errata/RHSA-2023:4035
reference_id RHSA-2023:4035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4035
19
reference_url https://access.redhat.com/errata/RHSA-2023:4036
reference_id RHSA-2023:4036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4036
20
reference_url https://access.redhat.com/errata/RHSA-2023:4039
reference_id RHSA-2023:4039
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4039
21
reference_url https://access.redhat.com/errata/RHSA-2023:6635
reference_id RHSA-2023:6635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6635
22
reference_url https://access.redhat.com/errata/RHSA-2023:7207
reference_id RHSA-2023:7207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7207
23
reference_url https://access.redhat.com/errata/RHSA-2023:7392
reference_id RHSA-2023:7392
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7392
24
reference_url https://access.redhat.com/errata/RHSA-2023:7543
reference_id RHSA-2023:7543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7543
25
reference_url https://usn.ubuntu.com/6164-1/
reference_id USN-6164-1
reference_type
scores
url https://usn.ubuntu.com/6164-1/
26
reference_url https://usn.ubuntu.com/6164-2/
reference_id USN-6164-2
reference_type
scores
url https://usn.ubuntu.com/6164-2/
fixed_packages
0
url pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
purl pkg:deb/debian/c-ares@1.17.1-1%2Bdeb11u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hy7-94d4-kyev
1
vulnerability VCID-3nsu-sz9r-pkbf
2
vulnerability VCID-h5yg-sx9b-ska5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.17.1-1%252Bdeb11u3
aliases CVE-2023-31130, GHSA-x6mf-cxr9-8q6v
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vezx-cgbw-zqdp
7
url VCID-w3cx-2jcp-pyga
vulnerability_id VCID-w3cx-2jcp-pyga
summary c-ares: NAPTR parser out of bounds access
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000381
reference_id
reference_type
scores
0
value 0.00506
scoring_system epss
scoring_elements 0.66165
published_at 2026-04-01T12:55:00Z
1
value 0.00506
scoring_system epss
scoring_elements 0.66239
published_at 2026-04-13T12:55:00Z
2
value 0.00506
scoring_system epss
scoring_elements 0.66263
published_at 2026-04-09T12:55:00Z
3
value 0.00506
scoring_system epss
scoring_elements 0.66284
published_at 2026-04-11T12:55:00Z
4
value 0.00506
scoring_system epss
scoring_elements 0.66271
published_at 2026-04-12T12:55:00Z
5
value 0.00506
scoring_system epss
scoring_elements 0.66206
published_at 2026-04-02T12:55:00Z
6
value 0.00506
scoring_system epss
scoring_elements 0.66233
published_at 2026-04-04T12:55:00Z
7
value 0.00506
scoring_system epss
scoring_elements 0.66203
published_at 2026-04-07T12:55:00Z
8
value 0.00506
scoring_system epss
scoring_elements 0.6625
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000381
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1463132
reference_id 1463132
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1463132
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360
reference_id 865360
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360
6
reference_url https://security.archlinux.org/ASA-201707-21
reference_id ASA-201707-21
reference_type
scores
url https://security.archlinux.org/ASA-201707-21
7
reference_url https://security.archlinux.org/AVG-315
reference_id AVG-315
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-315
8
reference_url https://access.redhat.com/errata/RHSA-2017:2908
reference_id RHSA-2017:2908
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2908
9
reference_url https://usn.ubuntu.com/3395-1/
reference_id USN-3395-1
reference_type
scores
url https://usn.ubuntu.com/3395-1/
10
reference_url https://usn.ubuntu.com/USN-4796-1/
reference_id USN-USN-4796-1
reference_type
scores
url https://usn.ubuntu.com/USN-4796-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.14.0-1%2Bdeb10u1
purl pkg:deb/debian/c-ares@1.14.0-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xdz-dku3-qqc4
1
vulnerability VCID-5vh6-usw6-2qhy
2
vulnerability VCID-gx39-xzj1-vfb7
3
vulnerability VCID-krvu-3d14-yudt
4
vulnerability VCID-m4sn-7wuq-e3cd
5
vulnerability VCID-pavw-rssx-53cg
6
vulnerability VCID-vezx-cgbw-zqdp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.14.0-1%252Bdeb10u1
aliases CVE-2017-1000381
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w3cx-2jcp-pyga
Fixing_vulnerabilities
0
url VCID-33wk-w9ez-vyd2
vulnerability_id VCID-33wk-w9ez-vyd2
summary
A heap-based buffer overflow in c-ares might allow remote attackers to cause a Denial of Service condition.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5180
reference_id
reference_type
scores
0
value 0.18165
scoring_system epss
scoring_elements 0.95153
published_at 2026-04-01T12:55:00Z
1
value 0.18165
scoring_system epss
scoring_elements 0.9519
published_at 2026-04-13T12:55:00Z
2
value 0.18165
scoring_system epss
scoring_elements 0.95186
published_at 2026-04-11T12:55:00Z
3
value 0.18165
scoring_system epss
scoring_elements 0.95187
published_at 2026-04-12T12:55:00Z
4
value 0.18165
scoring_system epss
scoring_elements 0.95164
published_at 2026-04-02T12:55:00Z
5
value 0.18165
scoring_system epss
scoring_elements 0.95166
published_at 2026-04-04T12:55:00Z
6
value 0.18165
scoring_system epss
scoring_elements 0.95169
published_at 2026-04-07T12:55:00Z
7
value 0.18165
scoring_system epss
scoring_elements 0.95176
published_at 2026-04-08T12:55:00Z
8
value 0.18165
scoring_system epss
scoring_elements 0.9518
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5180
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1380463
reference_id 1380463
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1380463
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151
reference_id 839151
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151
6
reference_url https://security.archlinux.org/ASA-201609-31
reference_id ASA-201609-31
reference_type
scores
url https://security.archlinux.org/ASA-201609-31
7
reference_url https://security.archlinux.org/AVG-37
reference_id AVG-37
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-37
8
reference_url https://security.gentoo.org/glsa/201701-28
reference_id GLSA-201701-28
reference_type
scores
url https://security.gentoo.org/glsa/201701-28
9
reference_url https://access.redhat.com/errata/RHSA-2017:0002
reference_id RHSA-2017:0002
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0002
10
reference_url https://usn.ubuntu.com/3143-1/
reference_id USN-3143-1
reference_type
scores
url https://usn.ubuntu.com/3143-1/
fixed_packages
0
url pkg:deb/debian/c-ares@1.10.0-2%2Bdeb8u2
purl pkg:deb/debian/c-ares@1.10.0-2%2Bdeb8u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xdz-dku3-qqc4
1
vulnerability VCID-33wk-w9ez-vyd2
2
vulnerability VCID-5vh6-usw6-2qhy
3
vulnerability VCID-gx39-xzj1-vfb7
4
vulnerability VCID-krvu-3d14-yudt
5
vulnerability VCID-m4sn-7wuq-e3cd
6
vulnerability VCID-pavw-rssx-53cg
7
vulnerability VCID-vezx-cgbw-zqdp
8
vulnerability VCID-w3cx-2jcp-pyga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.10.0-2%252Bdeb8u2
1
url pkg:deb/debian/c-ares@1.12.0-1%2Bdeb9u1
purl pkg:deb/debian/c-ares@1.12.0-1%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xdz-dku3-qqc4
1
vulnerability VCID-5vh6-usw6-2qhy
2
vulnerability VCID-gx39-xzj1-vfb7
3
vulnerability VCID-krvu-3d14-yudt
4
vulnerability VCID-m4sn-7wuq-e3cd
5
vulnerability VCID-pavw-rssx-53cg
6
vulnerability VCID-vezx-cgbw-zqdp
7
vulnerability VCID-w3cx-2jcp-pyga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.12.0-1%252Bdeb9u1
aliases CVE-2016-5180
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-33wk-w9ez-vyd2
Risk_score 3.9
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/c-ares@1.12.0-1%252Bdeb9u1