Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ldns@1.6.17-5~bpo70%2B1

Type deb

Namespace debian

Name ldns

Version 1.6.17-5~bpo70+1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.7.0-4

Latest_non_vulnerable_version 1.8.3-1

Affected_by_vulnerabilities

url VCID-8de4-25qc-gbag

vulnerability_id VCID-8de4-25qc-gbag

summary A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000231.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000231.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000231

reference_id

reference_type

scores

value	0.00558
scoring_system	epss
scoring_elements	0.68553
published_at	2026-06-04T12:55:00Z

value	0.00558
scoring_system	epss
scoring_elements	0.68594
published_at	2026-06-05T12:55:00Z

value	0.00558
scoring_system	epss
scoring_elements	0.6858
published_at	2026-06-08T12:55:00Z

value	0.00558
scoring_system	epss
scoring_elements	0.68602
published_at	2026-06-06T12:55:00Z

value	0.00558
scoring_system	epss
scoring_elements	0.68595
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000231

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1510985
reference_id	1510985
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1510985

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882015
reference_id	882015
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882015

reference_url	https://usn.ubuntu.com/3491-1/
reference_id	USN-3491-1
reference_type
scores
url	https://usn.ubuntu.com/3491-1/

fixed_packages

url	pkg:deb/debian/ldns@1.7.0-4
purl	pkg:deb/debian/ldns@1.7.0-4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldns@1.7.0-4

aliases CVE-2017-1000231

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8de4-25qc-gbag

url VCID-d88a-ng4f-d3f3

vulnerability_id VCID-d88a-ng4f-d3f3

summary A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000232.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000232.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000232

reference_id

reference_type

scores

value	0.00491
scoring_system	epss
scoring_elements	0.65947
published_at	2026-06-04T12:55:00Z

value	0.00491
scoring_system	epss
scoring_elements	0.65999
published_at	2026-06-05T12:55:00Z

value	0.00491
scoring_system	epss
scoring_elements	0.65985
published_at	2026-06-08T12:55:00Z

value	0.00491
scoring_system	epss
scoring_elements	0.66011
published_at	2026-06-06T12:55:00Z

value	0.00491
scoring_system	epss
scoring_elements	0.65997
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000232

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1510993
reference_id	1510993
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1510993

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882014
reference_id	882014
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882014

reference_url	https://usn.ubuntu.com/3491-1/
reference_id	USN-3491-1
reference_type
scores
url	https://usn.ubuntu.com/3491-1/

fixed_packages

url	pkg:deb/debian/ldns@1.7.0-4
purl	pkg:deb/debian/ldns@1.7.0-4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldns@1.7.0-4

aliases CVE-2017-1000232

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d88a-ng4f-d3f3

Fixing_vulnerabilities

url VCID-pq9x-e15g-vfbv

vulnerability_id VCID-pq9x-e15g-vfbv

summary The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3209.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3209.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3209

reference_id

reference_type

scores

value	0.00154
scoring_system	epss
scoring_elements	0.35806
published_at	2026-06-04T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.35902
published_at	2026-06-05T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.35912
published_at	2026-06-06T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.35872
published_at	2026-06-07T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.35833
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3209

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3209
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3209

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1093943
reference_id	1093943
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1093943

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758
reference_id	746758
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758

reference_url	https://usn.ubuntu.com/3491-1/
reference_id	USN-3491-1
reference_type
scores
url	https://usn.ubuntu.com/3491-1/

fixed_packages

url pkg:deb/debian/ldns@1.6.17-5~bpo70%2B1

purl pkg:deb/debian/ldns@1.6.17-5~bpo70%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8de4-25qc-gbag

vulnerability	VCID-d88a-ng4f-d3f3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldns@1.6.17-5~bpo70%252B1

aliases CVE-2014-3209

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pq9x-e15g-vfbv

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldns@1.6.17-5~bpo70%252B1

Package Instance