{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80587?format=json","vulnerability_id":"VCID-putx-w4r1-dqf9","summary":"JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding","aliases":[{"alias":"CVE-2020-27221"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101028?format=json","purl":"pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.80-1jpp.1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mh6k-v939-m7hj"},{"vulnerability":"VCID-putx-w4r1-dqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.80-1jpp.1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/101027?format=json","purl":"pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.6.25-1jpp.1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95d9-a86j-tkdy"},{"vulnerability":"VCID-jc9v-4116-4yas"},{"vulnerability":"VCID-mh6k-v939-m7hj"},{"vulnerability":"VCID-putx-w4r1-dqf9"},{"vulnerability":"VCID-vssb-tgq1-p3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.6.25-1jpp.1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/101029?format=json","purl":"pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.6.25-2?arch=el8_3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95d9-a86j-tkdy"},{"vulnerability":"VCID-jc9v-4116-4yas"},{"vulnerability":"VCID-mh6k-v939-m7hj"},{"vulnerability":"VCID-putx-w4r1-dqf9"},{"vulnerability":"VCID-vssb-tgq1-p3g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.6.25-2%3Farch=el8_3"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27221.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27221","reference_id":"","reference_type":"","scores":[{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72562","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.7257","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72586","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72563","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72601","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72612","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72636","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72618","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.7265","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72661","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72651","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72693","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72702","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72698","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.7269","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.7272","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72744","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72708","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72733","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72787","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72795","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27221"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928555","reference_id":"1928555","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0717","reference_id":"RHSA-2021:0717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0717"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0733","reference_id":"RHSA-2021:0733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0736","reference_id":"RHSA-2021:0736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0736"}],"weaknesses":[{"cwe_id":119,"name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","description":"The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer."}],"exploits":[],"severity_range_score":"9.8 - 9.8","exploitability":"0.5","weighted_severity":"8.8","risk_score":4.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-putx-w4r1-dqf9"}