Vulnerability details: VCID-mtfq-ngz6-aaad
Vulnerability ID VCID-mtfq-ngz6-aaad
Aliases CVE-2021-31525
GHSA-h86h-8ppg-mxmh
Summary net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (3)
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2704
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2705
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2983
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2984
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3076
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3248
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3487
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3555
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3556
rhas Low https://access.redhat.com/errata/RHSA-2021:3733
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3748
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3759
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4103
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4104
rhas Moderate https://access.redhat.com/errata/RHSA-2021:5072
rhas Moderate https://access.redhat.com/errata/RHSA-2022:0191
rhas Moderate https://access.redhat.com/errata/RHSA-2022:0308
rhas Moderate https://access.redhat.com/errata/RHSA-2022:0577
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31525.json
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2021-31525
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2021-31525
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2021-31525
epss 0.00850 https://api.first.org/data/v1/epss?cve=CVE-2021-31525
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://github.com/golang/go
generic_textual MODERATE https://github.com/golang/go
cvssv3.1 5.9 https://github.com/golang/go/issues/45710
generic_textual MODERATE https://github.com/golang/go/issues/45710
cvssv3.1 5.9 https://go.dev/cl/313069
generic_textual MODERATE https://go.dev/cl/313069
cvssv3.1 5.9 https://go.dev/issue/45710
generic_textual MODERATE https://go.dev/issue/45710
cvssv3.1 5.9 https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9
generic_textual MODERATE https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9
cvssv3.1 5.9 https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc
generic_textual MODERATE https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc
cvssv3.1 5.9 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF
cvssv2 2.6 https://nvd.nist.gov/vuln/detail/CVE-2021-31525
cvssv3 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-31525
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-31525
cvssv3.1 5.9 https://pkg.go.dev/vuln/GO-2022-0236
generic_textual MODERATE https://pkg.go.dev/vuln/GO-2022-0236
archlinux Low https://security.archlinux.org/AVG-1927
cvssv3.1 5.3 https://security.gentoo.org/glsa/202208-02
generic_textual MODERATE https://security.gentoo.org/glsa/202208-02
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31525.json
https://api.first.org/data/v1/epss?cve=CVE-2021-31525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31525
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/golang/go
https://github.com/golang/go/issues/45710
https://go.dev/cl/313069
https://go.dev/issue/45710
https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9
https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/
https://pkg.go.dev/vuln/GO-2022-0236
https://security.gentoo.org/glsa/202208-02
AVG-1927 https://security.archlinux.org/AVG-1927
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVE-2021-31525 https://nvd.nist.gov/vuln/detail/CVE-2021-31525
RHBA-2021:2854 https://bugzilla.redhat.com/show_bug.cgi?id=1958341
RHSA-2021:2543 https://access.redhat.com/errata/RHSA-2021:2543
RHSA-2021:2704 https://access.redhat.com/errata/RHSA-2021:2704
RHSA-2021:2705 https://access.redhat.com/errata/RHSA-2021:2705
RHSA-2021:2983 https://access.redhat.com/errata/RHSA-2021:2983
RHSA-2021:2984 https://access.redhat.com/errata/RHSA-2021:2984
RHSA-2021:3076 https://access.redhat.com/errata/RHSA-2021:3076
RHSA-2021:3248 https://access.redhat.com/errata/RHSA-2021:3248
RHSA-2021:3487 https://access.redhat.com/errata/RHSA-2021:3487
RHSA-2021:3555 https://access.redhat.com/errata/RHSA-2021:3555
RHSA-2021:3556 https://access.redhat.com/errata/RHSA-2021:3556
RHSA-2021:3733 https://access.redhat.com/errata/RHSA-2021:3733
RHSA-2021:3748 https://access.redhat.com/errata/RHSA-2021:3748
RHSA-2021:3759 https://access.redhat.com/errata/RHSA-2021:3759
RHSA-2021:4103 https://access.redhat.com/errata/RHSA-2021:4103
RHSA-2021:4104 https://access.redhat.com/errata/RHSA-2021:4104
RHSA-2021:5072 https://access.redhat.com/errata/RHSA-2021:5072
RHSA-2022:0191 https://access.redhat.com/errata/RHSA-2022:0191
RHSA-2022:0308 https://access.redhat.com/errata/RHSA-2022:0308
RHSA-2022:0577 https://access.redhat.com/errata/RHSA-2022:0577
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31525.json
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/golang/go
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/golang/go/issues/45710
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://go.dev/cl/313069
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://go.dev/issue/45710
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-31525
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-31525
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://pkg.go.dev/vuln/GO-2022-0236
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.gentoo.org/glsa/202208-02
Exploit Prediction Scoring System (EPSS)
Percentile 0.00521
EPSS Score 0.0001
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.