{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4875?format=json","vulnerability_id":"VCID-tb72-ztnv-37fr","summary":"","aliases":[{"alias":"CVE-2018-15688"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9015?format=json","purl":"pkg:alpm/archlinux/systemd@239.300-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/systemd@239.300-1"},{"url":"http://public2.vulnerablecode.io/api/packages/95924?format=json","purl":"pkg:deb/debian/network-manager@1.14.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/network-manager@1.14.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95914?format=json","purl":"pkg:deb/debian/network-manager@1.30.6-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ncn8-s4qp-mufn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/network-manager@1.30.6-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95912?format=json","purl":"pkg:deb/debian/network-manager@1.42.4-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ncn8-s4qp-mufn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/network-manager@1.42.4-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95916?format=json","purl":"pkg:deb/debian/network-manager@1.52.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ncn8-s4qp-mufn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/network-manager@1.52.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95915?format=json","purl":"pkg:deb/debian/network-manager@1.56.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/network-manager@1.56.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104974?format=json","purl":"pkg:deb/debian/systemd@239-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@239-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104959?format=json","purl":"pkg:deb/debian/systemd@247.3-7%2Bdeb11u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q1u8-b3md-9ua7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@247.3-7%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104957?format=json","purl":"pkg:deb/debian/systemd@252.39-1~deb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@252.39-1~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104962?format=json","purl":"pkg:deb/debian/systemd@257.13-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@257.13-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104960?format=json","purl":"pkg:deb/debian/systemd@260.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@260.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104961?format=json","purl":"pkg:deb/debian/systemd@261~rc3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@261~rc3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/7888?format=json","purl":"pkg:ebuild/sys-apps/systemd@239-r2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-apps/systemd@239-r2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9014?format=json","purl":"pkg:alpm/archlinux/systemd@239.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7amp-z3k4-ufh6"},{"vulnerability":"VCID-ec6u-vxtg-yugn"},{"vulnerability":"VCID-fws1-gzyn-z7gp"},{"vulnerability":"VCID-pq72-6u9b-ayfk"},{"vulnerability":"VCID-tb72-ztnv-37fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/systemd@239.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/348692?format=json","purl":"pkg:rpm/redhat/NetworkManager@1:1.12.0-8?arch=el7_6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tb72-ztnv-37fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/NetworkManager@1:1.12.0-8%3Farch=el7_6"},{"url":"http://public2.vulnerablecode.io/api/packages/348342?format=json","purl":"pkg:rpm/redhat/systemd@219-62.el7_6?arch=2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mr3g-c2ww-57ap"},{"vulnerability":"VCID-tb72-ztnv-37fr"},{"vulnerability":"VCID-ursg-w5fa-nug1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/systemd@219-62.el7_6%3Farch=2"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15688.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15688","reference_id":"","reference_type":"","scores":[{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72271","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/systemd/systemd/pull/10518","reference_id":"10518","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/"}],"url":"https://github.com/systemd/systemd/pull/10518"},{"reference_url":"http://www.securityfocus.com/bid/105745","reference_id":"105745","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/"}],"url":"http://www.securityfocus.com/bid/105745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1639067","reference_id":"1639067","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1639067"},{"reference_url":"https://security.gentoo.org/glsa/201810-10","reference_id":"201810-10","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/"}],"url":"https://security.gentoo.org/glsa/201810-10"},{"reference_url":"https://usn.ubuntu.com/3806-1/","reference_id":"3806-1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/"}],"url":"https://usn.ubuntu.com/3806-1/"},{"reference_url":"https://usn.ubuntu.com/3807-1/","reference_id":"3807-1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/"}],"url":"https://usn.ubuntu.com/3807-1/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912008","reference_id":"912008","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912008"},{"reference_url":"https://security.archlinux.org/ASA-201811-11","reference_id":"ASA-201811-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-11"},{"reference_url":"https://security.archlinux.org/AVG-789","reference_id":"AVG-789","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-789"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"RHBA-2019:0327","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/"}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3665","reference_id":"RHSA-2018:3665","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:3665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0049","reference_id":"RHSA-2019:0049","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0049"}],"weaknesses":[{"cwe_id":131,"name":"Incorrect Calculation of Buffer Size","description":"The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow."},{"cwe_id":190,"name":"Integer Overflow or Wraparound","description":"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control."},{"cwe_id":122,"name":"Heap-based Buffer Overflow","description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()."}],"exploits":[],"severity_range_score":"8.8 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tb72-ztnv-37fr"}