Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/66490?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66490?format=api", "vulnerability_id": "VCID-cc9h-567q-a7b9", "summary": "mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.", "aliases": [ { "alias": "CVE-2009-1789" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93401?format=api", "purl": "pkg:deb/debian/eggdrop@1.6.19-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.6.19-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/673237?format=api", "purl": "pkg:deb/debian/eggdrop@1.6.19-1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.6.19-1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/93398?format=api", "purl": "pkg:deb/debian/eggdrop@1.8.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.8.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93396?format=api", "purl": "pkg:deb/debian/eggdrop@1.8.4%2Brepack1-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.8.4%252Brepack1-0.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93399?format=api", "purl": "pkg:deb/debian/eggdrop@1.10.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.10.1-1%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517559?format=api", "purl": "pkg:deb/debian/eggdrop@1.3.19-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-asus-zq52-s7am" }, { "vulnerability": "VCID-cc9h-567q-a7b9" }, { "vulnerability": "VCID-gcfx-2dd4-73e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.3.19-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/517560?format=api", "purl": "pkg:deb/debian/eggdrop@1.3.28-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-asus-zq52-s7am" }, { "vulnerability": "VCID-cc9h-567q-a7b9" }, { "vulnerability": "VCID-gcfx-2dd4-73e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.3.28-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/517561?format=api", "purl": "pkg:deb/debian/eggdrop@1.6.8-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-asus-zq52-s7am" }, { "vulnerability": "VCID-cc9h-567q-a7b9" }, { "vulnerability": "VCID-gcfx-2dd4-73e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.6.8-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/517562?format=api", "purl": "pkg:deb/debian/eggdrop@1.6.17-3sarge1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cc9h-567q-a7b9" }, { "vulnerability": "VCID-gcfx-2dd4-73e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.6.17-3sarge1" }, { "url": "http://public2.vulnerablecode.io/api/packages/517563?format=api", "purl": "pkg:deb/debian/eggdrop@1.6.18-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cc9h-567q-a7b9" }, { "vulnerability": "VCID-gcfx-2dd4-73e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.6.18-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/517564?format=api", "purl": "pkg:deb/debian/eggdrop@1.6.18-1etch2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cc9h-567q-a7b9" }, { "vulnerability": "VCID-gcfx-2dd4-73e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.6.18-1etch2" }, { "url": "http://public2.vulnerablecode.io/api/packages/517565?format=api", "purl": "pkg:deb/debian/eggdrop@1.6.19-1.1%2Blenny1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cc9h-567q-a7b9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/eggdrop@1.6.19-1.1%252Blenny1" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1789.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1789.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14219", "scoring_system": "epss", "scoring_elements": "0.94518", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14219", "scoring_system": "epss", "scoring_elements": "0.94526", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.14219", "scoring_system": "epss", "scoring_elements": "0.94527", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.14219", "scoring_system": "epss", "scoring_elements": "0.9453", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.14219", "scoring_system": "epss", "scoring_elements": "0.94531", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.14219", "scoring_system": "epss", "scoring_elements": "0.94536", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1789" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=502650", "reference_id": "502650", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=502650" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778", "reference_id": "528778", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778" }, { "reference_url": "http://secunia.com/advisories/25276", "reference_id": "OSVDB-54460;CVE-2009-1789", "reference_type": "exploit", "scores": [], "url": "http://secunia.com/advisories/25276" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8695.txt", "reference_id": "OSVDB-54460;CVE-2009-1789", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8695.txt" } ], "weaknesses": [], "exploits": [ { "date_added": "2009-05-14", "description": "Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2009-05-15", "exploit_type": "dos", "platform": "multiple", "source_date_updated": null, "data_source": "Exploit-DB", "source_url": "http://secunia.com/advisories/25276" } ], "severity_range_score": null, "exploitability": "2.0", "weighted_severity": "0.1", "risk_score": 0.2, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cc9h-567q-a7b9" }