{"url":"http://public2.vulnerablecode.io/api/packages/516774?format=json","purl":"pkg:deb/debian/bomberclone@0.11.5-1sarge2","type":"deb","namespace":"debian","name":"bomberclone","version":"0.11.5-1sarge2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.11.7-1","latest_non_vulnerable_version":"0.11.7-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61325?format=json","vulnerability_id":"VCID-8egm-s1qs-p3bf","summary":"BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4005","reference_id":"","reference_type":"","scores":[{"value":"0.04269","scoring_system":"epss","scoring_elements":"0.89018","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04269","scoring_system":"epss","scoring_elements":"0.89035","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04269","scoring_system":"epss","scoring_elements":"0.89036","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04269","scoring_system":"epss","scoring_elements":"0.89052","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4005"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382082","reference_id":"382082","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382082"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516775?format=json","purl":"pkg:deb/debian/bomberclone@0.11.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bomberclone@0.11.7-1"}],"aliases":["CVE-2006-4005"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8egm-s1qs-p3bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61323?format=json","vulnerability_id":"VCID-hd3v-c7n2-zugz","summary":"Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0460","reference_id":"","reference_type":"","scores":[{"value":"0.82218","scoring_system":"epss","scoring_elements":"0.99237","published_at":"2026-06-04T12:55:00Z"},{"value":"0.82218","scoring_system":"epss","scoring_elements":"0.99238","published_at":"2026-06-07T12:55:00Z"},{"value":"0.82218","scoring_system":"epss","scoring_elements":"0.99239","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0460"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/1602.c","reference_id":"CVE-2006-0460","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/1602.c"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16433.rb","reference_id":"CVE-2006-0460;OSVDB-23263","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16433.rb"},{"reference_url":"http://www.frsirt.com/english/advisories/2006/0643","reference_id":"CVE-2006-0460;OSVDB-23263","reference_type":"exploit","scores":[],"url":"http://www.frsirt.com/english/advisories/2006/0643"},{"reference_url":"https://security.gentoo.org/glsa/200602-09","reference_id":"GLSA-200602-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200602-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516775?format=json","purl":"pkg:deb/debian/bomberclone@0.11.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bomberclone@0.11.7-1"}],"aliases":["CVE-2006-0460"],"risk_score":1.4,"exploitability":"2.0","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hd3v-c7n2-zugz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61328?format=json","vulnerability_id":"VCID-wkjq-7hu5-vkg2","summary":"The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4006","reference_id":"","reference_type":"","scores":[{"value":"0.11903","scoring_system":"epss","scoring_elements":"0.93878","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11903","scoring_system":"epss","scoring_elements":"0.93887","published_at":"2026-06-07T12:55:00Z"},{"value":"0.11903","scoring_system":"epss","scoring_elements":"0.93885","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11903","scoring_system":"epss","scoring_elements":"0.93891","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382082","reference_id":"382082","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382082"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/28314.c","reference_id":"CVE-2006-4006;OSVDB-27648","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/28314.c"},{"reference_url":"https://www.securityfocus.com/bid/19255/info","reference_id":"CVE-2006-4006;OSVDB-27648","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/19255/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516775?format=json","purl":"pkg:deb/debian/bomberclone@0.11.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bomberclone@0.11.7-1"}],"aliases":["CVE-2006-4006"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkjq-7hu5-vkg2"}],"fixing_vulnerabilities":[],"risk_score":"1.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bomberclone@0.11.5-1sarge2"}