{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","type":"deb","namespace":"debian","name":"libtasn1-6","version":"4.16.0-2+deb11u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.16.0-2+deb11u2","latest_non_vulnerable_version":"4.21.0-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68450?format=json","vulnerability_id":"VCID-64bk-bw5e-2kd1","summary":"libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13151.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13151.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13151","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15896","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16003","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1596","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15874","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16699","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125063","reference_id":"1125063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125063"},{"reference_url":"https://gitlab.com/gnutls/libtasn1/-/merge_requests/121","reference_id":"121","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-07T21:32:59Z/"}],"url":"https://gitlab.com/gnutls/libtasn1/-/merge_requests/121"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427698","reference_id":"2427698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427698"},{"reference_url":"https://gitlab.com/gnutls/libtasn1","reference_id":"libtasn1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-07T21:32:59Z/"}],"url":"https://gitlab.com/gnutls/libtasn1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7500","reference_id":"RHSA-2026:7500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7500"},{"reference_url":"https://usn.ubuntu.com/7954-1/","reference_id":"USN-7954-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7954-1/"},{"reference_url":"https://usn.ubuntu.com/7954-2/","reference_id":"USN-7954-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7954-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2025-13151"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64bk-bw5e-2kd1"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77494?format=json","vulnerability_id":"VCID-63dr-qhsp-qkhz","summary":"GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46848.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46848.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46848","reference_id":"","reference_type":"","scores":[{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70621","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70665","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70663","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70671","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70654","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70643","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46848"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140058","reference_id":"2140058","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140058"},{"reference_url":"https://gitlab.com/gnutls/libtasn1/-/issues/32","reference_id":"32","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:30:56Z/"}],"url":"https://gitlab.com/gnutls/libtasn1/-/issues/32"},{"reference_url":"https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5","reference_id":"44a700d2051a666235748970c2df047ff207aeb5","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:30:56Z/"}],"url":"https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5"},{"reference_url":"https://bugs.gentoo.org/866237","reference_id":"866237","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:30:56Z/"}],"url":"https://bugs.gentoo.org/866237"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/","reference_id":"AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:30:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/","reference_id":"ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:30:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html","reference_id":"msg00003.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:30:56Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221118-0006/","reference_id":"ntap-20221118-0006","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:30:56Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221118-0006/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/","reference_id":"OGO7XST4EIJGX4B2ITZCYSWM24534BSU","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:30:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0116","reference_id":"RHSA-2023:0116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0343","reference_id":"RHSA-2023:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0427","reference_id":"RHSA-2024:0427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0427"},{"reference_url":"https://usn.ubuntu.com/5707-1/","reference_id":"USN-5707-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5707-1/"},{"reference_url":"https://usn.ubuntu.com/7954-1/","reference_id":"USN-7954-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7954-1/"},{"reference_url":"https://usn.ubuntu.com/7954-2/","reference_id":"USN-7954-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7954-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/","reference_id":"V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:30:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104011?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2021-46848"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63dr-qhsp-qkhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77491?format=json","vulnerability_id":"VCID-9czj-mvq7-qkht","summary":"The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10790.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10790.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10790","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60639","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60683","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60685","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60668","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60688","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60696","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1473192","reference_id":"1473192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1473192"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867398","reference_id":"867398","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867398"},{"reference_url":"https://security.gentoo.org/glsa/201710-11","reference_id":"GLSA-201710-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-11"},{"reference_url":"https://usn.ubuntu.com/3547-1/","reference_id":"USN-3547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3547-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104005?format=json","purl":"pkg:deb/debian/libtasn1-6@4.12-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.12-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2017-10790"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9czj-mvq7-qkht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77486?format=json","vulnerability_id":"VCID-abjv-rfag-b3g5","summary":"The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3468.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3468.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3468","reference_id":"","reference_type":"","scores":[{"value":"0.09799","scoring_system":"epss","scoring_elements":"0.93107","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09799","scoring_system":"epss","scoring_elements":"0.93118","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09799","scoring_system":"epss","scoring_elements":"0.93116","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09799","scoring_system":"epss","scoring_elements":"0.93113","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09799","scoring_system":"epss","scoring_elements":"0.93111","published_at":"2026-06-08T12:55:00Z"},{"value":"0.09799","scoring_system":"epss","scoring_elements":"0.9312","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102323","reference_id":"1102323","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102323"},{"reference_url":"https://security.gentoo.org/glsa/201408-09","reference_id":"GLSA-201408-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0594","reference_id":"RHSA-2014:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0596","reference_id":"RHSA-2014:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0687","reference_id":"RHSA-2014:0687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0815","reference_id":"RHSA-2014:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0815"},{"reference_url":"https://usn.ubuntu.com/2294-1/","reference_id":"USN-2294-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2294-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103995?format=json","purl":"pkg:deb/debian/libtasn1-6@3.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@3.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-3468"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abjv-rfag-b3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77495?format=json","vulnerability_id":"VCID-b4fp-9xs9-ffhn","summary":"A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12133.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12133.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12133","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57231","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5723","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57213","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57226","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57239","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12133"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095406","reference_id":"1095406","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095406"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344611","reference_id":"2344611","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:25:41Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344611"},{"reference_url":"https://gitlab.com/gnutls/libtasn1/-/issues/52","reference_id":"52","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:25:41Z/"}],"url":"https://gitlab.com/gnutls/libtasn1/-/issues/52"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9","reference_id":"cpe:/a:redhat:discovery:1.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-12133","reference_id":"CVE-2024-12133","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:25:41Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-12133"},{"reference_url":"https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md","reference_id":"CVE-2024-12133.md","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:25:41Z/"}],"url":"https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17347","reference_id":"RHSA-2025:17347","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:25:41Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:17347"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4049","reference_id":"RHSA-2025:4049","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:25:41Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7077","reference_id":"RHSA-2025:7077","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:25:41Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:7077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8021","reference_id":"RHSA-2025:8021","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:25:41Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8385","reference_id":"RHSA-2025:8385","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:25:41Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8385"},{"reference_url":"https://usn.ubuntu.com/7275-1/","reference_id":"USN-7275-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7275-1/"},{"reference_url":"https://usn.ubuntu.com/7275-2/","reference_id":"USN-7275-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7275-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104013?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104014?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2024-12133"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4fp-9xs9-ffhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77489?format=json","vulnerability_id":"VCID-byvb-99nu-quck","summary":"The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3622.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3622.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3622","reference_id":"","reference_type":"","scores":[{"value":"0.06062","scoring_system":"epss","scoring_elements":"0.90899","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06062","scoring_system":"epss","scoring_elements":"0.90914","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06062","scoring_system":"epss","scoring_elements":"0.90913","published_at":"2026-06-06T12:55:00Z"},{"value":"0.06062","scoring_system":"epss","scoring_elements":"0.9091","published_at":"2026-06-07T12:55:00Z"},{"value":"0.06062","scoring_system":"epss","scoring_elements":"0.90907","published_at":"2026-06-08T12:55:00Z"},{"value":"0.06062","scoring_system":"epss","scoring_elements":"0.90922","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1218141","reference_id":"1218141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1218141"},{"reference_url":"https://security.gentoo.org/glsa/201509-04","reference_id":"GLSA-201509-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201509-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1860","reference_id":"RHSA-2017:1860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1860"},{"reference_url":"https://usn.ubuntu.com/2604-1/","reference_id":"USN-2604-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2604-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104002?format=json","purl":"pkg:deb/debian/libtasn1-6@4.4-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.4-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-3622"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-byvb-99nu-quck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77492?format=json","vulnerability_id":"VCID-d1kh-gyxj-hkbv","summary":"GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000654.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000654","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31177","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31245","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31168","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31212","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31145","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1621972","reference_id":"1621972","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1621972"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906768","reference_id":"906768","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906768"},{"reference_url":"https://usn.ubuntu.com/5352-1/","reference_id":"USN-5352-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5352-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104008?format=json","purl":"pkg:deb/debian/libtasn1-6@4.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.14-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2018-1000654"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1kh-gyxj-hkbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77485?format=json","vulnerability_id":"VCID-f5pn-n5wy-xqhb","summary":"Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3467.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3467.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3467","reference_id":"","reference_type":"","scores":[{"value":"0.07119","scoring_system":"epss","scoring_elements":"0.91688","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07119","scoring_system":"epss","scoring_elements":"0.917","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07119","scoring_system":"epss","scoring_elements":"0.91703","published_at":"2026-06-06T12:55:00Z"},{"value":"0.07119","scoring_system":"epss","scoring_elements":"0.91698","published_at":"2026-06-08T12:55:00Z"},{"value":"0.07119","scoring_system":"epss","scoring_elements":"0.91712","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102022","reference_id":"1102022","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102022"},{"reference_url":"https://security.gentoo.org/glsa/201408-09","reference_id":"GLSA-201408-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0594","reference_id":"RHSA-2014:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0596","reference_id":"RHSA-2014:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0687","reference_id":"RHSA-2014:0687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0815","reference_id":"RHSA-2014:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0815"},{"reference_url":"https://usn.ubuntu.com/2294-1/","reference_id":"USN-2294-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2294-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103995?format=json","purl":"pkg:deb/debian/libtasn1-6@3.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@3.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-3467"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5pn-n5wy-xqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77490?format=json","vulnerability_id":"VCID-mv8t-d7dj-ubau","summary":"The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4008.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4008.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4008","reference_id":"","reference_type":"","scores":[{"value":"0.0429","scoring_system":"epss","scoring_elements":"0.89044","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0429","scoring_system":"epss","scoring_elements":"0.89061","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0429","scoring_system":"epss","scoring_elements":"0.89062","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0429","scoring_system":"epss","scoring_elements":"0.89063","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0429","scoring_system":"epss","scoring_elements":"0.89079","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325965","reference_id":"1325965","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325965"},{"reference_url":"https://security.gentoo.org/glsa/201703-05","reference_id":"GLSA-201703-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201703-05"},{"reference_url":"https://usn.ubuntu.com/2957-1/","reference_id":"USN-2957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2957-1/"},{"reference_url":"https://usn.ubuntu.com/2957-2/","reference_id":"USN-2957-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2957-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104004?format=json","purl":"pkg:deb/debian/libtasn1-6@4.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2016-4008"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mv8t-d7dj-ubau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77487?format=json","vulnerability_id":"VCID-p8d8-71pk-7bg8","summary":"The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3469.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3469.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3469","reference_id":"","reference_type":"","scores":[{"value":"0.04519","scoring_system":"epss","scoring_elements":"0.89342","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04519","scoring_system":"epss","scoring_elements":"0.8936","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04519","scoring_system":"epss","scoring_elements":"0.89361","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04519","scoring_system":"epss","scoring_elements":"0.89377","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102329","reference_id":"1102329","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102329"},{"reference_url":"https://security.gentoo.org/glsa/201408-09","reference_id":"GLSA-201408-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0594","reference_id":"RHSA-2014:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0596","reference_id":"RHSA-2014:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0687","reference_id":"RHSA-2014:0687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0815","reference_id":"RHSA-2014:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0815"},{"reference_url":"https://usn.ubuntu.com/2294-1/","reference_id":"USN-2294-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2294-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103995?format=json","purl":"pkg:deb/debian/libtasn1-6@3.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@3.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-3469"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p8d8-71pk-7bg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77488?format=json","vulnerability_id":"VCID-rm72-fcbq-mkhh","summary":"Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2806.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2806.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2806","reference_id":"","reference_type":"","scores":[{"value":"0.09345","scoring_system":"epss","scoring_elements":"0.92922","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09345","scoring_system":"epss","scoring_elements":"0.92933","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09345","scoring_system":"epss","scoring_elements":"0.9293","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09345","scoring_system":"epss","scoring_elements":"0.92925","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09345","scoring_system":"epss","scoring_elements":"0.92923","published_at":"2026-06-08T12:55:00Z"},{"value":"0.09345","scoring_system":"epss","scoring_elements":"0.92934","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2806"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207192","reference_id":"1207192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207192"},{"reference_url":"https://security.gentoo.org/glsa/201509-04","reference_id":"GLSA-201509-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201509-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1860","reference_id":"RHSA-2017:1860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1860"},{"reference_url":"https://usn.ubuntu.com/2559-1/","reference_id":"USN-2559-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2559-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104001?format=json","purl":"pkg:deb/debian/libtasn1-6@4.2-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2806"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rm72-fcbq-mkhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77493?format=json","vulnerability_id":"VCID-vfjg-bt32-5ydb","summary":"An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6003.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6003.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6003","reference_id":"","reference_type":"","scores":[{"value":"0.02547","scoring_system":"epss","scoring_elements":"0.85753","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02547","scoring_system":"epss","scoring_elements":"0.85776","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02547","scoring_system":"epss","scoring_elements":"0.85778","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02547","scoring_system":"epss","scoring_elements":"0.85774","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02547","scoring_system":"epss","scoring_elements":"0.85759","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02547","scoring_system":"epss","scoring_elements":"0.85773","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1535578","reference_id":"1535578","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1535578"},{"reference_url":"https://usn.ubuntu.com/3547-1/","reference_id":"USN-3547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3547-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104010?format=json","purl":"pkg:deb/debian/libtasn1-6@4.13-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.13-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2018-6003"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfjg-bt32-5ydb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6545?format=json","vulnerability_id":"VCID-zszv-792v-x7fg","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6891.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6891","reference_id":"","reference_type":"","scores":[{"value":"0.01587","scoring_system":"epss","scoring_elements":"0.81999","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01587","scoring_system":"epss","scoring_elements":"0.8199","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01587","scoring_system":"epss","scoring_elements":"0.81955","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01587","scoring_system":"epss","scoring_elements":"0.81989","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01587","scoring_system":"epss","scoring_elements":"0.81984","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:P/A:P"},{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1456763","reference_id":"1456763","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1456763"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863186","reference_id":"863186","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863186"},{"reference_url":"https://security.archlinux.org/ASA-201706-10","reference_id":"ASA-201706-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-10"},{"reference_url":"https://security.archlinux.org/ASA-201706-3","reference_id":"ASA-201706-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-3"},{"reference_url":"https://security.archlinux.org/AVG-285","reference_id":"AVG-285","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-285"},{"reference_url":"https://security.archlinux.org/AVG-286","reference_id":"AVG-286","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-286"},{"reference_url":"https://security.gentoo.org/glsa/201710-11","reference_id":"GLSA-201710-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-11"},{"reference_url":"https://usn.ubuntu.com/3309-1/","reference_id":"USN-3309-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3309-1/"},{"reference_url":"https://usn.ubuntu.com/3309-2/","reference_id":"USN-3309-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3309-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104007?format=json","purl":"pkg:deb/debian/libtasn1-6@4.10-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.10-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:deb/debian/libtasn1-6@4.16.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103994?format=json","purl":"pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.19.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103998?format=json","purl":"pkg:deb/debian/libtasn1-6@4.20.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64bk-bw5e-2kd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103997?format=json","purl":"pkg:deb/debian/libtasn1-6@4.21.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.21.0-2%3Fdistro=trixie"}],"aliases":["CVE-2017-6891"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zszv-792v-x7fg"}],"risk_score":"2.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtasn1-6@4.16.0-2%252Bdeb11u1%3Fdistro=trixie"}