Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/cryptsetup@2.3.4-r0?arch=aarch64&distroversion=v3.14&reponame=main
Type apk
Namespace alpine
Name cryptsetup
Version 2.3.4-r0
Qualifiers
arch aarch64
distroversion v3.14
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.3.7-r0
Latest_non_vulnerable_version 2.3.7-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-d253-e8zk-wfe2
vulnerability_id VCID-d253-e8zk-wfe2
summary A vulnerability was found in upstream release cryptsetup-2.2.0 where there's a bug in the LUKS2 format validation code that is effectively invoked on every device/image presenting itself as a LUKS2 container. The bug is in the segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj), where the code does not check for possible overflow on the memory allocation used for the intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, the library can be *tricked* into expecting that such an allocation was successful, but for far less memory than originally expected. Later it may read data FROM an image crafted by an attacker and actually write such data BEYOND the allocated memory.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14382.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14382.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14382
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51847
published_at 2026-06-04T12:55:00Z
1
value 0.00282
scoring_system epss
scoring_elements 0.51906
published_at 2026-06-05T12:55:00Z
2
value 0.00282
scoring_system epss
scoring_elements 0.51915
published_at 2026-06-06T12:55:00Z
3
value 0.00282
scoring_system epss
scoring_elements 0.51894
published_at 2026-06-07T12:55:00Z
4
value 0.00282
scoring_system epss
scoring_elements 0.51863
published_at 2026-06-08T12:55:00Z
5
value 0.00282
scoring_system epss
scoring_elements 0.51882
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14382
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14382
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14382
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1874712
reference_id 1874712
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1874712
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969471
reference_id 969471
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969471
6
reference_url https://access.redhat.com/errata/RHSA-2020:4542
reference_id RHSA-2020:4542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4542
7
reference_url https://access.redhat.com/errata/RHSA-2020:4900
reference_id RHSA-2020:4900
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4900
8
reference_url https://access.redhat.com/errata/RHSA-2021:0258
reference_id RHSA-2021:0258
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0258
9
reference_url https://usn.ubuntu.com/4493-1/
reference_id USN-4493-1
reference_type
scores
url https://usn.ubuntu.com/4493-1/
fixed_packages
0
url pkg:apk/alpine/cryptsetup@2.3.4-r0?arch=aarch64&distroversion=v3.14&reponame=main
purl pkg:apk/alpine/cryptsetup@2.3.4-r0?arch=aarch64&distroversion=v3.14&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cryptsetup@2.3.4-r0%3Farch=aarch64&distroversion=v3.14&reponame=main
aliases CVE-2020-14382
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d253-e8zk-wfe2
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cryptsetup@2.3.4-r0%3Farch=aarch64&distroversion=v3.14&reponame=main