VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-1pjh-3upb-aaaq

Essentials
Severities (106)
References (29)
Severity details (29)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-1pjh-3upb-aaaq
Aliases	CVE-2023-36478 GHSA-wgh7-54f2-x98r
Summary	HTTP/2 HPACK integer overflow and buffer allocation
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-190	Integer Overflow or Wraparound
CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2023:7247
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:7247
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36478.json
epss	0.00464	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00464	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00464	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00487	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00662	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.00795	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.0112	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01151	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01151	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01151	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01151	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01151	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01151	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01151	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01151	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01797	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01797	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01797	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01797	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.01797	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.22669	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.22669	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.22669	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.22669	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.22669	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.22669	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.22669	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.22669	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
epss	0.44156	https://api.first.org/data/v1/epss?cve=CVE-2023-36478
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-wgh7-54f2-x98r
cvssv3.1	3.5	https://github.com/eclipse/jetty.project
generic_textual	LOW	https://github.com/eclipse/jetty.project
cvssv3.1	7.5	https://github.com/eclipse/jetty.project/pull/9634
generic_textual	HIGH	https://github.com/eclipse/jetty.project/pull/9634
cvssv3.1	7.5	https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16
generic_textual	HIGH	https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16
cvssv3.1	7.5	https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16
generic_textual	HIGH	https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16
cvssv3.1	7.5	https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009
generic_textual	HIGH	https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009
cvssv3.1_qr	HIGH	https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
cvssv3.1_qr	HIGH	https://github.com/jetty/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
cvssv3.1	5.3	https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
generic_textual	MODERATE	https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-36478
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-36478
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20231116-0011
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20231116-0011
cvssv3.1	6.5	https://security.netapp.com/advisory/ntap-20240621-0006
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20240621-0006
cvssv3.1	5.3	https://www.debian.org/security/2023/dsa-5540
generic_textual	MODERATE	https://www.debian.org/security/2023/dsa-5540
cvssv3.1	5.3	http://www.openwall.com/lists/oss-security/2023/10/18/4
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2023/10/18/4

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36478.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-36478
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36478
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/eclipse/jetty.project
		https://github.com/eclipse/jetty.project/pull/9634
		https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16
		https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16
		https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009
		https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
		https://security.netapp.com/advisory/ntap-20231116-0011
		https://security.netapp.com/advisory/ntap-20231116-0011/
		https://security.netapp.com/advisory/ntap-20240621-0006
		https://security.netapp.com/advisory/ntap-20240621-0006/
		https://www.debian.org/security/2023/dsa-5540
		http://www.openwall.com/lists/oss-security/2023/10/18/4
2243123		https://bugzilla.redhat.com/show_bug.cgi?id=2243123
cpe:2.3:a:eclipse:jetty::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty::::::::
cpe:2.3:a:jenkins:jenkins:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::-:::*
cpe:2.3:a:jenkins:jenkins:::::lts:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
CVE-2023-36478		https://nvd.nist.gov/vuln/detail/CVE-2023-36478
GHSA-wgh7-54f2-x98r		https://github.com/advisories/GHSA-wgh7-54f2-x98r
GHSA-wgh7-54f2-x98r		https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
GHSA-wgh7-54f2-x98r		https://github.com/jetty/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
RHSA-2023:7247		https://access.redhat.com/errata/RHSA-2023:7247
RHSA-2024:3354		https://access.redhat.com/errata/RHSA-2024:3354

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:7247

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/ Found at https://access.redhat.com/errata/RHSA-2023:7247

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36478.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/eclipse/jetty.project

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/eclipse/jetty.project/pull/9634

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-36478

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-36478

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20231116-0011

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20240621-0006

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://www.debian.org/security/2023/dsa-5540

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://www.openwall.com/lists/oss-security/2023/10/18/4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.75169
EPSS Score	0.00464
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.