{"url":"http://public2.vulnerablecode.io/api/packages/93347?format=json","purl":"pkg:deb/debian/ed@1.21.1-1?distro=trixie","type":"deb","namespace":"debian","name":"ed","version":"1.21.1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.22.5-1","latest_non_vulnerable_version":"1.22.5-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66434?format=json","vulnerability_id":"VCID-cn2u-tj3c-33bc","summary":"Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename.  NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3916.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3916","reference_id":"","reference_type":"","scores":[{"value":"0.0467","scoring_system":"epss","scoring_elements":"0.89509","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0467","scoring_system":"epss","scoring_elements":"0.89527","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0467","scoring_system":"epss","scoring_elements":"0.89526","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0467","scoring_system":"epss","scoring_elements":"0.89525","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0467","scoring_system":"epss","scoring_elements":"0.89543","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=462584","reference_id":"462584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=462584"},{"reference_url":"https://security.gentoo.org/glsa/200809-15","reference_id":"GLSA-200809-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200809-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0946","reference_id":"RHSA-2008:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0946"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93348?format=json","purl":"pkg:deb/debian/ed@0.7-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@0.7-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93345?format=json","purl":"pkg:deb/debian/ed@1.17-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.17-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93343?format=json","purl":"pkg:deb/debian/ed@1.19-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.19-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93347?format=json","purl":"pkg:deb/debian/ed@1.21.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.21.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93346?format=json","purl":"pkg:deb/debian/ed@1.22.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.22.5-1%3Fdistro=trixie"}],"aliases":["CVE-2008-3916"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cn2u-tj3c-33bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66435?format=json","vulnerability_id":"VCID-qcyc-61md-qud5","summary":"regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5357.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5357.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5357","reference_id":"","reference_type":"","scores":[{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.7756","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77597","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77595","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77576","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77587","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5357"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1413901","reference_id":"1413901","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1413901"},{"reference_url":"https://security.archlinux.org/ASA-201701-31","reference_id":"ASA-201701-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-31"},{"reference_url":"https://security.archlinux.org/AVG-145","reference_id":"AVG-145","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-145"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93349?format=json","purl":"pkg:deb/debian/ed@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93345?format=json","purl":"pkg:deb/debian/ed@1.17-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.17-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93343?format=json","purl":"pkg:deb/debian/ed@1.19-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.19-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93347?format=json","purl":"pkg:deb/debian/ed@1.21.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.21.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93346?format=json","purl":"pkg:deb/debian/ed@1.22.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.22.5-1%3Fdistro=trixie"}],"aliases":["CVE-2017-5357"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcyc-61md-qud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66433?format=json","vulnerability_id":"VCID-zt9h-xu8a-nbbv","summary":"GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-6939.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-6939.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-6939","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27243","published_at":"2026-06-04T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27312","published_at":"2026-06-05T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2726","published_at":"2026-06-06T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2722","published_at":"2026-06-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27171","published_at":"2026-06-08T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27181","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-6939"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6939","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6939"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=223075","reference_id":"223075","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=223075"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93344?format=json","purl":"pkg:deb/debian/ed@0.2-19?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@0.2-19%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93345?format=json","purl":"pkg:deb/debian/ed@1.17-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.17-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93343?format=json","purl":"pkg:deb/debian/ed@1.19-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.19-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93347?format=json","purl":"pkg:deb/debian/ed@1.21.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.21.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93346?format=json","purl":"pkg:deb/debian/ed@1.22.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.22.5-1%3Fdistro=trixie"}],"aliases":["CVE-2006-6939"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zt9h-xu8a-nbbv"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ed@1.21.1-1%3Fdistro=trixie"}