Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/512021?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/512021?format=api", "purl": "pkg:cargo/solana_rbpf@0.2.17", "type": "cargo", "namespace": "", "name": "solana_rbpf", "version": "0.2.17", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.2.28", "latest_non_vulnerable_version": "0.2.29", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109305?format=api", "vulnerability_id": "VCID-5z6b-tstq-3bdr", "summary": "Integer overflow in solana_rbpf\nFrom version 0.2.14 to 0.2.16 for Solana rBPF, function \"relocate\" in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking. If the sym.st_value is rather large, an integer overflow is triggered while calculating the variable \"addr\" via `addr = (sym.st_value + refd_pa) as u64`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46102", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68767", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68763", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68743", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68759", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68718", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46102" }, { "reference_url": "https://blocksecteam.medium.com/new-integer-overflow-bug-discovered-in-solana-rbpf-7729717159ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blocksecteam.medium.com/new-integer-overflow-bug-discovered-in-solana-rbpf-7729717159ee" }, { "reference_url": "https://github.com/solana-labs/rbpf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/solana-labs/rbpf" }, { "reference_url": "https://github.com/solana-labs/rbpf/blob/c14764850f0b83b58aa013248eaf6d65836c1218/src/elf.rs#L609-L630", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/solana-labs/rbpf/blob/c14764850f0b83b58aa013248eaf6d65836c1218/src/elf.rs#L609-L630" }, { "reference_url": "https://github.com/solana-labs/rbpf/pull/200", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/solana-labs/rbpf/pull/200" }, { "reference_url": "https://github.com/solana-labs/rbpf/pull/236", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/solana-labs/rbpf/pull/236" }, { "reference_url": "https://github.com/solana-labs/rbpf/releases/tag/v0.2.17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/solana-labs/rbpf/releases/tag/v0.2.17" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46102", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46102" }, { "reference_url": "https://github.com/advisories/GHSA-xwqr-xmgg-j69q", "reference_id": "GHSA-xwqr-xmgg-j69q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xwqr-xmgg-j69q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/512021?format=api", "purl": "pkg:cargo/solana_rbpf@0.2.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:cargo/solana_rbpf@0.2.17" } ], "aliases": [ "CVE-2021-46102", "GHSA-xwqr-xmgg-j69q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5z6b-tstq-3bdr" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:cargo/solana_rbpf@0.2.17" }