VulnerableCode Package Details - pkg:deb/debian/libusrsctp@0.9.3.0%2B20190127-2

Search for packages

Package details: pkg:deb/debian/libusrsctp@0.9.3.0%2B20190127-2

Essentials
History (2)

purl	pkg:deb/debian/libusrsctp@0.9.3.0%2B20190127-2

Next non-vulnerable version	0.9.3.0+20201102-2
Latest non-vulnerable version	0.9.3.0+20201102-2
Risk	4.5

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-fnfk-qv8d-gkfw Aliases: CVE-2022-46871	An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited.	0.9.3.0+20201102-2 Affected by 0 other vulnerabilities.
VCID-gn2y-ay81-vkbp Aliases: CVE-2019-20503	The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.	0.9.3.0+20201102-2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:21:06.043775+00:00	Debian Oval Importer	Affected by	VCID-fnfk-qv8d-gkfw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:02:27.801379+00:00	Debian Oval Importer	Affected by	VCID-gn2y-ay81-vkbp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0