Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-n51n-m2r7-kbdy
Vulnerability ID VCID-n51n-m2r7-kbdy
Aliases CVE-2019-12900
Summary bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1214 Data Integrity Issues
System Score Found at
cvssv3.1 9.8 http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
cvssv3.1 9.8 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
cvssv3.1 9.8 http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
cvssv3.1 9.8 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
cvssv3.1 9.8 http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
ssvc Track http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
cvssv3.1 9.8 http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
ssvc Track http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
cvssv3 4.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12900.json
epss 0.01111 https://api.first.org/data/v1/epss?cve=CVE-2019-12900
epss 0.01111 https://api.first.org/data/v1/epss?cve=CVE-2019-12900
epss 0.01111 https://api.first.org/data/v1/epss?cve=CVE-2019-12900
epss 0.01111 https://api.first.org/data/v1/epss?cve=CVE-2019-12900
epss 0.01111 https://api.first.org/data/v1/epss?cve=CVE-2019-12900
epss 0.01111 https://api.first.org/data/v1/epss?cve=CVE-2019-12900
epss 0.01111 https://api.first.org/data/v1/epss?cve=CVE-2019-12900
epss 0.01132 https://api.first.org/data/v1/epss?cve=CVE-2019-12900
epss 0.01132 https://api.first.org/data/v1/epss?cve=CVE-2019-12900
cvssv3 8.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
ssvc Track https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
cvssv3.1 9.8 https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
ssvc Track https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E
ssvc Track https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E
ssvc Track https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E
cvssv3.1 9.8 https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
ssvc Track https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
cvssv3.1 9.8 https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
ssvc Track https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
cvssv3.1 9.8 https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
ssvc Track https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
cvssv3.1 9.8 https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
ssvc Track https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
cvssv3.1 9.8 https://seclists.org/bugtraq/2019/Aug/4
ssvc Track https://seclists.org/bugtraq/2019/Aug/4
cvssv3.1 9.8 https://seclists.org/bugtraq/2019/Jul/22
ssvc Track https://seclists.org/bugtraq/2019/Jul/22
cvssv3.1 9.8 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
ssvc Track https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
cvssv3.1 9.8 https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS
ssvc Track https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS
cvssv3.1 9.8 https://usn.ubuntu.com/4038-1/
ssvc Track https://usn.ubuntu.com/4038-1/
cvssv3.1 9.8 https://usn.ubuntu.com/4038-2/
ssvc Track https://usn.ubuntu.com/4038-2/
cvssv3.1 9.8 https://usn.ubuntu.com/4146-1/
ssvc Track https://usn.ubuntu.com/4146-1/
cvssv3.1 9.8 https://usn.ubuntu.com/4146-2/
ssvc Track https://usn.ubuntu.com/4146-2/
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpuoct2020.html
ssvc Track https://www.oracle.com/security-alerts/cpuoct2020.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12900.json
https://api.first.org/data/v1/epss?cve=CVE-2019-12900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2332075 https://bugzilla.redhat.com/show_bug.cgi?id=2332075
74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
930886 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930886
934359 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934359
K68713584?utm_source=f5support&amp%3Butm_medium=RSS https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS
msg00012.html https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
msg00014.html https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
msg00018.html https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E
rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E
RHSA-2024:10803 https://access.redhat.com/errata/RHSA-2024:10803
RHSA-2024:8922 https://access.redhat.com/errata/RHSA-2024:8922
RHSA-2025:0733 https://access.redhat.com/errata/RHSA-2025:0733
RHSA-2025:0925 https://access.redhat.com/errata/RHSA-2025:0925
RHSA-2025:1154 https://access.redhat.com/errata/RHSA-2025:1154
USN-4038-1 https://usn.ubuntu.com/4038-1/
USN-4038-2 https://usn.ubuntu.com/4038-2/
USN-4146-1 https://usn.ubuntu.com/4146-1/
USN-4146-2 https://usn.ubuntu.com/4146-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12900.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://seclists.org/bugtraq/2019/Aug/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://seclists.org/bugtraq/2019/Aug/4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://seclists.org/bugtraq/2019/Jul/22
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://seclists.org/bugtraq/2019/Jul/22
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/4038-1/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://usn.ubuntu.com/4038-1/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/4038-2/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://usn.ubuntu.com/4038-2/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/4146-1/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://usn.ubuntu.com/4146-1/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/4146-2/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://usn.ubuntu.com/4146-2/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2020.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/ Found at https://www.oracle.com/security-alerts/cpuoct2020.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.78129
EPSS Score 0.01111
Published At April 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:44:00.608918+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12900.json 38.0.0