{"url":"http://public2.vulnerablecode.io/api/packages/935295?format=json","purl":"pkg:deb/debian/picolibc@1.8.11-2?distro=trixie","type":"deb","namespace":"debian","name":"picolibc","version":"1.8.11-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94034?format=json","vulnerability_id":"VCID-4z5d-zj37-yfcc","summary":"The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14871","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64427","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64393","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64414","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64276","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64334","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64363","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64321","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.6437","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64384","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64397","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64355","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64391","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64402","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14871"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14871","reference_id":"CVE-2019-14871","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14871"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935292?format=json","purl":"pkg:deb/debian/picolibc@1.4.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935293?format=json","purl":"pkg:deb/debian/picolibc@1.5.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935291?format=json","purl":"pkg:deb/debian/picolibc@1.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935296?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935294?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935295?format=json","purl":"pkg:deb/debian/picolibc@1.8.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14871"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4z5d-zj37-yfcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94035?format=json","vulnerability_id":"VCID-6y3x-44kq-wkgt","summary":"The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14872","reference_id":"","reference_type":"","scores":[{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6165","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6164","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61656","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6149","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61564","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61593","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61612","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61626","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61647","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61616","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61658","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61663","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61648","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14872"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14872","reference_id":"CVE-2019-14872","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14872"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935292?format=json","purl":"pkg:deb/debian/picolibc@1.4.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935293?format=json","purl":"pkg:deb/debian/picolibc@1.5.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935291?format=json","purl":"pkg:deb/debian/picolibc@1.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935296?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935294?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935295?format=json","purl":"pkg:deb/debian/picolibc@1.8.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14872"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6y3x-44kq-wkgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94038?format=json","vulnerability_id":"VCID-c26b-vetm-y3ak","summary":"In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14875","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6076","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60768","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60605","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6068","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60709","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60743","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60767","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60754","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60782","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14875"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14875","reference_id":"CVE-2019-14875","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14875"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935297?format=json","purl":"pkg:deb/debian/picolibc@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935293?format=json","purl":"pkg:deb/debian/picolibc@1.5.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935291?format=json","purl":"pkg:deb/debian/picolibc@1.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935296?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935294?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935295?format=json","purl":"pkg:deb/debian/picolibc@1.8.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14875"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c26b-vetm-y3ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94036?format=json","vulnerability_id":"VCID-ecf9-k21a-t3c8","summary":"In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14873","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6076","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60768","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60605","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6068","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60709","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60743","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60767","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60754","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60782","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14873"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14873","reference_id":"CVE-2019-14873","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935292?format=json","purl":"pkg:deb/debian/picolibc@1.4.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935293?format=json","purl":"pkg:deb/debian/picolibc@1.5.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935291?format=json","purl":"pkg:deb/debian/picolibc@1.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935296?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935294?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935295?format=json","purl":"pkg:deb/debian/picolibc@1.8.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14873"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecf9-k21a-t3c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94041?format=json","vulnerability_id":"VCID-k2zw-2gbs-eugx","summary":"In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14878","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5406","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5413","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5411","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54005","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54023","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54049","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54026","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54078","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54076","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54104","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54087","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54126","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14878"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14878","reference_id":"CVE-2019-14878","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14878"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935292?format=json","purl":"pkg:deb/debian/picolibc@1.4.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935293?format=json","purl":"pkg:deb/debian/picolibc@1.5.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935291?format=json","purl":"pkg:deb/debian/picolibc@1.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935296?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935294?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935295?format=json","purl":"pkg:deb/debian/picolibc@1.8.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14878"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2zw-2gbs-eugx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94037?format=json","vulnerability_id":"VCID-n637-g4ee-tuhz","summary":"In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14874","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6076","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60768","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60605","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6068","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60709","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60743","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60767","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60754","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60782","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14874"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14874","reference_id":"CVE-2019-14874","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14874"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935292?format=json","purl":"pkg:deb/debian/picolibc@1.4.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935293?format=json","purl":"pkg:deb/debian/picolibc@1.5.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935291?format=json","purl":"pkg:deb/debian/picolibc@1.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935296?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935294?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935295?format=json","purl":"pkg:deb/debian/picolibc@1.8.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14874"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n637-g4ee-tuhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94040?format=json","vulnerability_id":"VCID-nsa5-ccpm-pufk","summary":"In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14877","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5406","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5413","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5411","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54005","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54023","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54049","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54026","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54078","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54076","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54104","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54087","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54126","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14877"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14877","reference_id":"CVE-2019-14877","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14877"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935292?format=json","purl":"pkg:deb/debian/picolibc@1.4.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935293?format=json","purl":"pkg:deb/debian/picolibc@1.5.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935291?format=json","purl":"pkg:deb/debian/picolibc@1.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935296?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935294?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935295?format=json","purl":"pkg:deb/debian/picolibc@1.8.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14877"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsa5-ccpm-pufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94794?format=json","vulnerability_id":"VCID-pw8g-an3z-jydv","summary":"A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3420","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33977","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33962","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33931","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33558","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33537","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33453","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39666","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39801","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39815","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39838","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39759","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39814","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39828","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39837","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446","reference_id":"984446","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935298?format=json","purl":"pkg:deb/debian/picolibc@1.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935293?format=json","purl":"pkg:deb/debian/picolibc@1.5.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935291?format=json","purl":"pkg:deb/debian/picolibc@1.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935296?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935294?format=json","purl":"pkg:deb/debian/picolibc@1.8.10-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935295?format=json","purl":"pkg:deb/debian/picolibc@1.8.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3420"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pw8g-an3z-jydv"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie"}