{"url":"http://public2.vulnerablecode.io/api/packages/148753?format=json","purl":"pkg:rpm/redhat/libvirt@1.2.17-13.el7_2?arch=9","type":"rpm","namespace":"redhat","name":"libvirt","version":"1.2.17-13.el7_2","qualifiers":{"arch":"9"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73809?format=json","vulnerability_id":"VCID-jp6t-afcy-dqgk","summary":"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3639.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3639.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3639","reference_id":"","reference_type":"","scores":[{"value":"0.46733","scoring_system":"epss","scoring_elements":"0.97726","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-3639"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566890","reference_id":"1566890","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566890"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1528","reference_id":"CVE-2018-3639","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/dos/44695.c","reference_id":"CVE-2018-3639","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/dos/44695.c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1629","reference_id":"RHSA-2018:1629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1630","reference_id":"RHSA-2018:1630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1632","reference_id":"RHSA-2018:1632","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1632"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1633","reference_id":"RHSA-2018:1633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1635","reference_id":"RHSA-2018:1635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1636","reference_id":"RHSA-2018:1636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1637","reference_id":"RHSA-2018:1637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1638","reference_id":"RHSA-2018:1638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1639","reference_id":"RHSA-2018:1639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1640","reference_id":"RHSA-2018:1640","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1640"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1641","reference_id":"RHSA-2018:1641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1642","reference_id":"RHSA-2018:1642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1643","reference_id":"RHSA-2018:1643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1644","reference_id":"RHSA-2018:1644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1645","reference_id":"RHSA-2018:1645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1646","reference_id":"RHSA-2018:1646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1647","reference_id":"RHSA-2018:1647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1648","reference_id":"RHSA-2018:1648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1649","reference_id":"RHSA-2018:1649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1650","reference_id":"RHSA-2018:1650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1650"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1651","reference_id":"RHSA-2018:1651","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1651"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1652","reference_id":"RHSA-2018:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1653","reference_id":"RHSA-2018:1653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1654","reference_id":"RHSA-2018:1654","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1655","reference_id":"RHSA-2018:1655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1656","reference_id":"RHSA-2018:1656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1657","reference_id":"RHSA-2018:1657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1658","reference_id":"RHSA-2018:1658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1658"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1659","reference_id":"RHSA-2018:1659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1660","reference_id":"RHSA-2018:1660","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1660"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1661","reference_id":"RHSA-2018:1661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1662","reference_id":"RHSA-2018:1662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1663","reference_id":"RHSA-2018:1663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1664","reference_id":"RHSA-2018:1664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1665","reference_id":"RHSA-2018:1665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1666","reference_id":"RHSA-2018:1666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1667","reference_id":"RHSA-2018:1667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1668","reference_id":"RHSA-2018:1668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1669","reference_id":"RHSA-2018:1669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1674","reference_id":"RHSA-2018:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1675","reference_id":"RHSA-2018:1675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1676","reference_id":"RHSA-2018:1676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1686","reference_id":"RHSA-2018:1686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1688","reference_id":"RHSA-2018:1688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1689","reference_id":"RHSA-2018:1689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1690","reference_id":"RHSA-2018:1690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1696","reference_id":"RHSA-2018:1696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1710","reference_id":"RHSA-2018:1710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1711","reference_id":"RHSA-2018:1711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1737","reference_id":"RHSA-2018:1737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1738","reference_id":"RHSA-2018:1738","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1826","reference_id":"RHSA-2018:1826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1854","reference_id":"RHSA-2018:1854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1965","reference_id":"RHSA-2018:1965","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1967","reference_id":"RHSA-2018:1967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1997","reference_id":"RHSA-2018:1997","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2001","reference_id":"RHSA-2018:2001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2003","reference_id":"RHSA-2018:2003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2006","reference_id":"RHSA-2018:2006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2060","reference_id":"RHSA-2018:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2161","reference_id":"RHSA-2018:2161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2162","reference_id":"RHSA-2018:2162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2164","reference_id":"RHSA-2018:2164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2171","reference_id":"RHSA-2018:2171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2172","reference_id":"RHSA-2018:2172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2216","reference_id":"RHSA-2018:2216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2228","reference_id":"RHSA-2018:2228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2246","reference_id":"RHSA-2018:2246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2250","reference_id":"RHSA-2018:2250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2258","reference_id":"RHSA-2018:2258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2289","reference_id":"RHSA-2018:2289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2309","reference_id":"RHSA-2018:2309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2328","reference_id":"RHSA-2018:2328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2363","reference_id":"RHSA-2018:2363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2364","reference_id":"RHSA-2018:2364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2387","reference_id":"RHSA-2018:2387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2394","reference_id":"RHSA-2018:2394","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2394"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2396","reference_id":"RHSA-2018:2396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2948","reference_id":"RHSA-2018:2948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3396","reference_id":"RHSA-2018:3396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3397","reference_id":"RHSA-2018:3397","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3397"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3398","reference_id":"RHSA-2018:3398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3398"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3399","reference_id":"RHSA-2018:3399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3400","reference_id":"RHSA-2018:3400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3401","reference_id":"RHSA-2018:3401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3402","reference_id":"RHSA-2018:3402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3407","reference_id":"RHSA-2018:3407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3423","reference_id":"RHSA-2018:3423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3424","reference_id":"RHSA-2018:3424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3425","reference_id":"RHSA-2018:3425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0148","reference_id":"RHSA-2019:0148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1046","reference_id":"RHSA-2019:1046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1046"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-263.html","reference_id":"XSA-263","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-263.html"}],"fixed_packages":[],"aliases":["CVE-2018-3639"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jp6t-afcy-dqgk"}],"fixing_vulnerabilities":[],"risk_score":"2.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libvirt@1.2.17-13.el7_2%3Farch=9"}