Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1
Type alpm
Namespace archlinux
Name lib32-openssl
Version 1:1.0.2.k-1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1:1.1.0.c-1
Latest_non_vulnerable_version 1:3.1.4-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-btfw-3r9y-7kad
vulnerability_id VCID-btfw-3r9y-7kad
summary If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3731.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3731.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-3731
reference_id
reference_type
scores
0
value 0.10401
scoring_system epss
scoring_elements 0.93357
published_at 2026-06-08T12:55:00Z
1
value 0.10401
scoring_system epss
scoring_elements 0.93347
published_at 2026-06-04T12:55:00Z
2
value 0.10401
scoring_system epss
scoring_elements 0.93359
published_at 2026-06-05T12:55:00Z
3
value 0.10401
scoring_system epss
scoring_elements 0.9336
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-3731
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1416852
reference_id 1416852
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1416852
7
reference_url https://security.archlinux.org/ASA-201701-36
reference_id ASA-201701-36
reference_type
scores
url https://security.archlinux.org/ASA-201701-36
8
reference_url https://security.archlinux.org/ASA-201701-37
reference_id ASA-201701-37
reference_type
scores
url https://security.archlinux.org/ASA-201701-37
9
reference_url https://security.archlinux.org/AVG-154
reference_id AVG-154
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-154
10
reference_url https://security.archlinux.org/AVG-155
reference_id AVG-155
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-155
11
reference_url https://security.gentoo.org/glsa/201702-07
reference_id GLSA-201702-07
reference_type
scores
url https://security.gentoo.org/glsa/201702-07
12
reference_url https://access.redhat.com/errata/RHSA-2017:0286
reference_id RHSA-2017:0286
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0286
13
reference_url https://access.redhat.com/errata/RHSA-2018:2185
reference_id RHSA-2018:2185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2185
14
reference_url https://access.redhat.com/errata/RHSA-2018:2186
reference_id RHSA-2018:2186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2186
15
reference_url https://access.redhat.com/errata/RHSA-2018:2187
reference_id RHSA-2018:2187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2187
16
reference_url https://usn.ubuntu.com/3181-1/
reference_id USN-3181-1
reference_type
scores
url https://usn.ubuntu.com/3181-1/
fixed_packages
0
url pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1
purl pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1
aliases CVE-2017-3731
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-btfw-3r9y-7kad
1
url VCID-ga7r-j1sv-2qh6
vulnerability_id VCID-ga7r-j1sv-2qh6
summary There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7055.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7055.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7055
reference_id
reference_type
scores
0
value 0.02693
scoring_system epss
scoring_elements 0.86154
published_at 2026-06-08T12:55:00Z
1
value 0.02693
scoring_system epss
scoring_elements 0.86146
published_at 2026-06-04T12:55:00Z
2
value 0.02693
scoring_system epss
scoring_elements 0.86167
published_at 2026-06-05T12:55:00Z
3
value 0.02693
scoring_system epss
scoring_elements 0.8617
published_at 2026-06-06T12:55:00Z
4
value 0.02693
scoring_system epss
scoring_elements 0.86165
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7055
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1393929
reference_id 1393929
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1393929
5
reference_url https://security.archlinux.org/ASA-201701-36
reference_id ASA-201701-36
reference_type
scores
url https://security.archlinux.org/ASA-201701-36
6
reference_url https://security.archlinux.org/ASA-201701-37
reference_id ASA-201701-37
reference_type
scores
url https://security.archlinux.org/ASA-201701-37
7
reference_url https://security.archlinux.org/AVG-154
reference_id AVG-154
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-154
8
reference_url https://security.archlinux.org/AVG-155
reference_id AVG-155
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-155
9
reference_url https://security.archlinux.org/AVG-67
reference_id AVG-67
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-67
10
reference_url https://security.archlinux.org/AVG-68
reference_id AVG-68
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-68
11
reference_url https://security.gentoo.org/glsa/201702-07
reference_id GLSA-201702-07
reference_type
scores
url https://security.gentoo.org/glsa/201702-07
12
reference_url https://access.redhat.com/errata/RHSA-2018:2185
reference_id RHSA-2018:2185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2185
13
reference_url https://access.redhat.com/errata/RHSA-2018:2186
reference_id RHSA-2018:2186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2186
14
reference_url https://access.redhat.com/errata/RHSA-2018:2187
reference_id RHSA-2018:2187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2187
15
reference_url https://usn.ubuntu.com/3181-1/
reference_id USN-3181-1
reference_type
scores
url https://usn.ubuntu.com/3181-1/
fixed_packages
0
url pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1
purl pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1
aliases CVE-2016-7055
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ga7r-j1sv-2qh6
2
url VCID-smvv-rrba-qqa5
vulnerability_id VCID-smvv-rrba-qqa5
summary There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3732.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3732.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-3732
reference_id
reference_type
scores
0
value 0.05182
scoring_system epss
scoring_elements 0.90093
published_at 2026-06-08T12:55:00Z
1
value 0.05182
scoring_system epss
scoring_elements 0.90097
published_at 2026-06-05T12:55:00Z
2
value 0.05182
scoring_system epss
scoring_elements 0.90096
published_at 2026-06-06T12:55:00Z
3
value 0.05182
scoring_system epss
scoring_elements 0.90094
published_at 2026-06-07T12:55:00Z
4
value 0.05182
scoring_system epss
scoring_elements 0.90081
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-3732
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1416856
reference_id 1416856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1416856
5
reference_url https://security.archlinux.org/ASA-201701-36
reference_id ASA-201701-36
reference_type
scores
url https://security.archlinux.org/ASA-201701-36
6
reference_url https://security.archlinux.org/ASA-201701-37
reference_id ASA-201701-37
reference_type
scores
url https://security.archlinux.org/ASA-201701-37
7
reference_url https://security.archlinux.org/AVG-154
reference_id AVG-154
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-154
8
reference_url https://security.archlinux.org/AVG-155
reference_id AVG-155
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-155
9
reference_url https://security.gentoo.org/glsa/201702-07
reference_id GLSA-201702-07
reference_type
scores
url https://security.gentoo.org/glsa/201702-07
10
reference_url https://security.gentoo.org/glsa/201802-04
reference_id GLSA-201802-04
reference_type
scores
url https://security.gentoo.org/glsa/201802-04
11
reference_url https://access.redhat.com/errata/RHSA-2018:2185
reference_id RHSA-2018:2185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2185
12
reference_url https://access.redhat.com/errata/RHSA-2018:2186
reference_id RHSA-2018:2186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2186
13
reference_url https://access.redhat.com/errata/RHSA-2018:2187
reference_id RHSA-2018:2187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2187
14
reference_url https://access.redhat.com/errata/RHSA-2018:2568
reference_id RHSA-2018:2568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2568
15
reference_url https://access.redhat.com/errata/RHSA-2018:2575
reference_id RHSA-2018:2575
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2575
16
reference_url https://access.redhat.com/errata/RHSA-2018:2713
reference_id RHSA-2018:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2713
17
reference_url https://usn.ubuntu.com/3181-1/
reference_id USN-3181-1
reference_type
scores
url https://usn.ubuntu.com/3181-1/
fixed_packages
0
url pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1
purl pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1
aliases CVE-2017-3732
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-smvv-rrba-qqa5
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/lib32-openssl@1:1.0.2.k-1