VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-yu2j-f4q9-bbcx

Essentials
Severities (22)
References (11)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-yu2j-f4q9-bbcx
Aliases	CVE-2017-20005
Summary	nginx: buffer overflow in ngx_gmtime() triggered by 5 digit years
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-190	Integer Overflow or Wraparound
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer

System	Score	Found at
cvssv3.1	9.8	http://nginx.org/en/CHANGES
ssvc	Track	http://nginx.org/en/CHANGES
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json
epss	0.0325	https://api.first.org/data/v1/epss?cve=CVE-2017-20005
epss	0.0325	https://api.first.org/data/v1/epss?cve=CVE-2017-20005
epss	0.0325	https://api.first.org/data/v1/epss?cve=CVE-2017-20005
epss	0.0325	https://api.first.org/data/v1/epss?cve=CVE-2017-20005
epss	0.0325	https://api.first.org/data/v1/epss?cve=CVE-2017-20005
epss	0.0325	https://api.first.org/data/v1/epss?cve=CVE-2017-20005
epss	0.0325	https://api.first.org/data/v1/epss?cve=CVE-2017-20005
epss	0.0325	https://api.first.org/data/v1/epss?cve=CVE-2017-20005
epss	0.0325	https://api.first.org/data/v1/epss?cve=CVE-2017-20005
cvssv3.1	9.8	https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf
ssvc	Track	https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf
cvssv3.1	9.8	https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b
ssvc	Track	https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b
cvssv3.1	9.8	https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html
cvssv3.1	9.8	https://security.netapp.com/advisory/ntap-20210805-0006/
ssvc	Track	https://security.netapp.com/advisory/ntap-20210805-0006/
cvssv3.1	9.8	https://trac.nginx.org/nginx/ticket/1368
ssvc	Track	https://trac.nginx.org/nginx/ticket/1368

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json
		https://api.first.org/data/v1/epss?cve=CVE-2017-20005
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005
0206ebe76f748bb39d9de4dd4b3fce777fdfdccf		https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf
1368		https://trac.nginx.org/nginx/ticket/1368
1974192		https://bugzilla.redhat.com/show_bug.cgi?id=1974192
b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b		https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b
CHANGES		http://nginx.org/en/CHANGES
msg00009.html		https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html
ntap-20210805-0006		https://security.netapp.com/advisory/ntap-20210805-0006/
USN-5109-1		https://usn.ubuntu.com/5109-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://nginx.org/en/CHANGES

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/ Found at http://nginx.org/en/CHANGES

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/ Found at https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/ Found at https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/ Found at https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20210805-0006/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/ Found at https://security.netapp.com/advisory/ntap-20210805-0006/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://trac.nginx.org/nginx/ticket/1368

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/ Found at https://trac.nginx.org/nginx/ticket/1368

Exploit Prediction Scoring System (EPSS)

Percentile	0.87065
EPSS Score	0.0325
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T14:28:54.433389+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json	38.0.0