Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/rsyslog@8.1908.0-r1?arch=armv7&distroversion=v3.15&reponame=main
Type apk
Namespace alpine
Name rsyslog
Version 8.1908.0-r1
Qualifiers
arch armv7
distroversion v3.15
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 8.2108.0-r2
Latest_non_vulnerable_version 8.2108.0-r2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3mev-rhz3-5qfk
vulnerability_id VCID-3mev-rhz3-5qfk
summary An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17042.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17042.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17042
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.65796
published_at 2026-06-04T12:55:00Z
1
value 0.00487
scoring_system epss
scoring_elements 0.65849
published_at 2026-06-05T12:55:00Z
2
value 0.00487
scoring_system epss
scoring_elements 0.65836
published_at 2026-06-08T12:55:00Z
3
value 0.00487
scoring_system epss
scoring_elements 0.6586
published_at 2026-06-06T12:55:00Z
4
value 0.00487
scoring_system epss
scoring_elements 0.65847
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17042
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17042
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1766700
reference_id 1766700
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1766700
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942065
reference_id 942065
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942065
6
reference_url https://access.redhat.com/errata/RHSA-2020:1000
reference_id RHSA-2020:1000
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1000
7
reference_url https://access.redhat.com/errata/RHSA-2020:1702
reference_id RHSA-2020:1702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1702
8
reference_url https://usn.ubuntu.com/5419-1/
reference_id USN-5419-1
reference_type
scores
url https://usn.ubuntu.com/5419-1/
fixed_packages
0
url pkg:apk/alpine/rsyslog@8.1908.0-r1?arch=armv7&distroversion=v3.15&reponame=main
purl pkg:apk/alpine/rsyslog@8.1908.0-r1?arch=armv7&distroversion=v3.15&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsyslog@8.1908.0-r1%3Farch=armv7&distroversion=v3.15&reponame=main
aliases CVE-2019-17042
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3mev-rhz3-5qfk
1
url VCID-psvf-cm75-fydh
vulnerability_id VCID-psvf-cm75-fydh
summary contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17040.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17040.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17040
reference_id
reference_type
scores
0
value 0.005
scoring_system epss
scoring_elements 0.66312
published_at 2026-06-04T12:55:00Z
1
value 0.005
scoring_system epss
scoring_elements 0.66363
published_at 2026-06-05T12:55:00Z
2
value 0.005
scoring_system epss
scoring_elements 0.66371
published_at 2026-06-06T12:55:00Z
3
value 0.005
scoring_system epss
scoring_elements 0.66356
published_at 2026-06-07T12:55:00Z
4
value 0.005
scoring_system epss
scoring_elements 0.66342
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17040
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17040
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17040
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1766641
reference_id 1766641
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1766641
fixed_packages
0
url pkg:apk/alpine/rsyslog@8.1908.0-r1?arch=armv7&distroversion=v3.15&reponame=main
purl pkg:apk/alpine/rsyslog@8.1908.0-r1?arch=armv7&distroversion=v3.15&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsyslog@8.1908.0-r1%3Farch=armv7&distroversion=v3.15&reponame=main
aliases CVE-2019-17040
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-psvf-cm75-fydh
2
url VCID-tesq-xbbm-ufbb
vulnerability_id VCID-tesq-xbbm-ufbb
summary An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17041.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17041.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17041
reference_id
reference_type
scores
0
value 0.01796
scoring_system epss
scoring_elements 0.83113
published_at 2026-06-04T12:55:00Z
1
value 0.01796
scoring_system epss
scoring_elements 0.83139
published_at 2026-06-05T12:55:00Z
2
value 0.01796
scoring_system epss
scoring_elements 0.83129
published_at 2026-06-08T12:55:00Z
3
value 0.01796
scoring_system epss
scoring_elements 0.8314
published_at 2026-06-06T12:55:00Z
4
value 0.01796
scoring_system epss
scoring_elements 0.83136
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17041
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17041
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17041
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1766693
reference_id 1766693
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1766693
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942067
reference_id 942067
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942067
6
reference_url https://access.redhat.com/errata/RHSA-2020:1000
reference_id RHSA-2020:1000
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1000
7
reference_url https://access.redhat.com/errata/RHSA-2020:1702
reference_id RHSA-2020:1702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1702
8
reference_url https://usn.ubuntu.com/5419-1/
reference_id USN-5419-1
reference_type
scores
url https://usn.ubuntu.com/5419-1/
fixed_packages
0
url pkg:apk/alpine/rsyslog@8.1908.0-r1?arch=armv7&distroversion=v3.15&reponame=main
purl pkg:apk/alpine/rsyslog@8.1908.0-r1?arch=armv7&distroversion=v3.15&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsyslog@8.1908.0-r1%3Farch=armv7&distroversion=v3.15&reponame=main
aliases CVE-2019-17041
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tesq-xbbm-ufbb
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rsyslog@8.1908.0-r1%3Farch=armv7&distroversion=v3.15&reponame=main