{"url":"http://public2.vulnerablecode.io/api/packages/56739?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.22-1?distro=trixie","type":"deb","namespace":"debian","name":"libtoxcore","version":"0.2.22-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206406?format=json","vulnerability_id":"VCID-7ne3-ngru-vbec","summary":"The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25022","reference_id":"","reference_type":"","scores":[{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.5354","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53666","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25022"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56741?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56738?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.12-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ee37-99f4-43db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56736?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56740?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56739?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.22-1%3Fdistro=trixie"}],"aliases":["CVE-2018-25022"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ne3-ngru-vbec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181857?format=json","vulnerability_id":"VCID-ee37-99f4-43db","summary":"A vulnerability has been discovered in Tox which may lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44847","reference_id":"","reference_type":"","scores":[{"value":"0.03947","scoring_system":"epss","scoring_elements":"0.88612","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03947","scoring_system":"epss","scoring_elements":"0.88651","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44847"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001711","reference_id":"1001711","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001711"},{"reference_url":"https://security.archlinux.org/AVG-2627","reference_id":"AVG-2627","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2627"},{"reference_url":"https://security.gentoo.org/glsa/202403-01","reference_id":"GLSA-202403-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202403-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56742?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56736?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56740?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56739?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.22-1%3Fdistro=trixie"}],"aliases":["CVE-2021-44847"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ee37-99f4-43db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206405?format=json","vulnerability_id":"VCID-jgns-wamx-tydv","summary":"The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25021","reference_id":"","reference_type":"","scores":[{"value":"0.00976","scoring_system":"epss","scoring_elements":"0.7713","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00976","scoring_system":"epss","scoring_elements":"0.77201","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56737?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56738?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.12-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ee37-99f4-43db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56736?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56740?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/56739?format=json","purl":"pkg:deb/debian/libtoxcore@0.2.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.22-1%3Fdistro=trixie"}],"aliases":["CVE-2018-25021"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgns-wamx-tydv"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libtoxcore@0.2.22-1%3Fdistro=trixie"}