{"url":"http://public2.vulnerablecode.io/api/packages/108535?format=json","purl":"pkg:deb/debian/zfs-linux@2.4.2-2?distro=trixie","type":"deb","namespace":"debian","name":"zfs-linux","version":"2.4.2-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.3-1","latest_non_vulnerable_version":"2.4.3-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219334?format=json","vulnerability_id":"VCID-78y6-42kw-vkcu","summary":"sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3400","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46809","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46951","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46965","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46947","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3400"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/108538?format=json","purl":"pkg:deb/debian/zfs-linux@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108533?format=json","purl":"pkg:deb/debian/zfs-linux@2.0.3-9%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.0.3-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108532?format=json","purl":"pkg:deb/debian/zfs-linux@2.1.11-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.1.11-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108537?format=json","purl":"pkg:deb/debian/zfs-linux@2.3.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.3.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108535?format=json","purl":"pkg:deb/debian/zfs-linux@2.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1206507?format=json","purl":"pkg:deb/debian/zfs-linux@2.4.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.4.3-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3400"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78y6-42kw-vkcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133091?format=json","vulnerability_id":"VCID-autf-ey78-ekgq","summary":"OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49298","reference_id":"","reference_type":"","scores":[{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71595","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71593","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71497","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71583","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49298"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056752","reference_id":"1056752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056752"},{"reference_url":"https://github.com/openzfs/zfs/issues/15526","reference_id":"15526","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://github.com/openzfs/zfs/issues/15526"},{"reference_url":"https://github.com/openzfs/zfs/pull/15571","reference_id":"15571","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://github.com/openzfs/zfs/pull/15571"},{"reference_url":"https://bugs.gentoo.org/917224","reference_id":"917224","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://bugs.gentoo.org/917224"},{"reference_url":"https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files","reference_id":"how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files"},{"reference_url":"https://news.ycombinator.com/item?id=38405731","reference_id":"item?id=38405731","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://news.ycombinator.com/item?id=38405731"},{"reference_url":"https://news.ycombinator.com/item?id=38770168","reference_id":"item?id=38770168","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://news.ycombinator.com/item?id=38770168"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html"},{"reference_url":"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308","reference_id":"show_bug.cgi?id=275308","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308"},{"reference_url":"https://www.theregister.com/2023/12/04/two_new_versions_of_openzfs/","reference_id":"two_new_versions_of_openzfs","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://www.theregister.com/2023/12/04/two_new_versions_of_openzfs/"},{"reference_url":"https://github.com/openzfs/zfs/releases/tag/zfs-2.1.14","reference_id":"zfs-2.1.14","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://github.com/openzfs/zfs/releases/tag/zfs-2.1.14"},{"reference_url":"https://github.com/openzfs/zfs/releases/tag/zfs-2.2.2","reference_id":"zfs-2.2.2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:36:55Z/"}],"url":"https://github.com/openzfs/zfs/releases/tag/zfs-2.2.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/108533?format=json","purl":"pkg:deb/debian/zfs-linux@2.0.3-9%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.0.3-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108534?format=json","purl":"pkg:deb/debian/zfs-linux@2.0.3-9%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.0.3-9%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108532?format=json","purl":"pkg:deb/debian/zfs-linux@2.1.11-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.1.11-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108539?format=json","purl":"pkg:deb/debian/zfs-linux@2.1.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.1.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108537?format=json","purl":"pkg:deb/debian/zfs-linux@2.3.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.3.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108535?format=json","purl":"pkg:deb/debian/zfs-linux@2.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1206507?format=json","purl":"pkg:deb/debian/zfs-linux@2.4.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.4.3-1%3Fdistro=trixie"}],"aliases":["CVE-2023-49298"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-autf-ey78-ekgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202779?format=json","vulnerability_id":"VCID-d1zw-x1b4-tyc8","summary":"An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-20001","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47595","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47735","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47751","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47731","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-20001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059322","reference_id":"1059322","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059322"},{"reference_url":"https://usn.ubuntu.com/6511-1/","reference_id":"USN-6511-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6511-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/108533?format=json","purl":"pkg:deb/debian/zfs-linux@2.0.3-9%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.0.3-9%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108534?format=json","purl":"pkg:deb/debian/zfs-linux@2.0.3-9%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.0.3-9%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108532?format=json","purl":"pkg:deb/debian/zfs-linux@2.1.11-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.1.11-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108536?format=json","purl":"pkg:deb/debian/zfs-linux@2.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108537?format=json","purl":"pkg:deb/debian/zfs-linux@2.3.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.3.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/108535?format=json","purl":"pkg:deb/debian/zfs-linux@2.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1206507?format=json","purl":"pkg:deb/debian/zfs-linux@2.4.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.4.3-1%3Fdistro=trixie"}],"aliases":["CVE-2013-20001"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1zw-x1b4-tyc8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zfs-linux@2.4.2-2%3Fdistro=trixie"}