{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201561?format=json","vulnerability_id":"VCID-dea4-hngy-yka6","summary":"Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.","aliases":[{"alias":"CVE-2009-3591"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37986?format=json","purl":"pkg:deb/debian/dopewars@1.5.12-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.5.12-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1088657?format=json","purl":"pkg:deb/debian/dopewars@1.5.12-10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.5.12-10"},{"url":"http://public2.vulnerablecode.io/api/packages/37982?format=json","purl":"pkg:deb/debian/dopewars@1.5.12-19?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.5.12-19%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37980?format=json","purl":"pkg:deb/debian/dopewars@1.6.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.6.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37985?format=json","purl":"pkg:deb/debian/dopewars@1.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37983?format=json","purl":"pkg:deb/debian/dopewars@1.6.2-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.6.2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37984?format=json","purl":"pkg:deb/debian/dopewars@1.6.2-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.6.2-4%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088653?format=json","purl":"pkg:deb/debian/dopewars@1.5.3-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dea4-hngy-yka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.5.3-4"},{"url":"http://public2.vulnerablecode.io/api/packages/1088654?format=json","purl":"pkg:deb/debian/dopewars@1.5.10-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dea4-hngy-yka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.5.10-2"},{"url":"http://public2.vulnerablecode.io/api/packages/1088655?format=json","purl":"pkg:deb/debian/dopewars@1.5.12-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dea4-hngy-yka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.5.12-2"},{"url":"http://public2.vulnerablecode.io/api/packages/1088656?format=json","purl":"pkg:deb/debian/dopewars@1.5.12-7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dea4-hngy-yka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dopewars@1.5.12-7"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3591.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3591.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3591","reference_id":"","reference_type":"","scores":[{"value":"0.71287","scoring_system":"epss","scoring_elements":"0.98739","published_at":"2026-06-11T12:55:00Z"},{"value":"0.71287","scoring_system":"epss","scoring_elements":"0.98743","published_at":"2026-06-12T12:55:00Z"},{"value":"0.71287","scoring_system":"epss","scoring_elements":"0.98744","published_at":"2026-06-13T12:55:00Z"},{"value":"0.71287","scoring_system":"epss","scoring_elements":"0.98745","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3591"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=528081","reference_id":"528081","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=528081"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550913","reference_id":"550913","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550913"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33269.txt","reference_id":"CVE-2009-3591;OSVDB-58884","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33269.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/10004.txt","reference_id":"CVE-2009-3591;OSVDB-58884","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/10004.txt"},{"reference_url":"https://www.securityfocus.com/bid/36606/info","reference_id":"CVE-2009-3591;OSVDB-58884","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/36606/info"}],"weaknesses":[],"exploits":[{"date_added":"2009-10-05","description":"Dopewars Server 1.5.12 - Denial of Service","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2009-10-06","exploit_type":"dos","platform":"multiple","source_date_updated":"2016-10-27","data_source":"Exploit-DB","source_url":""},{"date_added":null,"description":"The jet command in Dopewars 1.5.12 is vulnerable to a segmentation fault due to\n          a lack of input validation.","required_action":null,"due_date":null,"notes":"Stability:\n  - crash-service-down\nSideEffects: []\nReliability: []\n","known_ransomware_campaign_use":false,"source_date_published":"2009-10-05","exploit_type":null,"platform":"","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/misc/dopewars.rb"}],"severity_range_score":null,"exploitability":"2.0","weighted_severity":"0.6","risk_score":1.2,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dea4-hngy-yka6"}