{
  "matches": [
    {
      "vulnerability": {
        "id": "CVE-2023-2953",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-2953",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2023-2953",
            "epss": 0.01419,
            "percentile": 0.80641,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-2953",
            "cwe": "CWE-476",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2023-2953",
            "cwe": "CWE-476",
            "source": "nvd@nist.gov",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2023-2953",
            "cwe": "CWE-476",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 1.06425
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-2953",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://seclists.org/fulldisclosure/2023/Jul/47",
            "http://seclists.org/fulldisclosure/2023/Jul/48",
            "http://seclists.org/fulldisclosure/2023/Jul/52",
            "https://access.redhat.com/security/cve/CVE-2023-2953",
            "https://bugs.openldap.org/show_bug.cgi?id=9904",
            "https://security.netapp.com/advisory/ntap-20230703-0005/",
            "https://support.apple.com/kb/HT213843",
            "https://support.apple.com/kb/HT213844",
            "https://support.apple.com/kb/HT213845"
          ],
          "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-2953",
              "epss": 0.01419,
              "percentile": 0.80641,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-2953",
              "cwe": "CWE-476",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2023-2953",
              "cwe": "CWE-476",
              "source": "nvd@nist.gov",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2023-2953",
              "cwe": "CWE-476",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openldap",
              "version": "2.5.13+dfsg-5"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-2953",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "919a44d8cbaa32e2",
        "name": "libldap-2.5-0",
        "version": "2.5.13+dfsg-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15467",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15467",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.  Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.  When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.  Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.  OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.8,
              "exploitabilityScore": 2.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-15467",
            "epss": 0.00705,
            "percentile": 0.72196,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15467",
            "cwe": "CWE-787",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.18-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.18-1~deb12u2",
              "date": "2026-01-27",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6113-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6113-1"
          }
        ],
        "risk": 0.574575
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15467",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703",
            "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9",
            "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3",
            "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e",
            "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "http://www.openwall.com/lists/oss-security/2026/01/27/10",
            "http://www.openwall.com/lists/oss-security/2026/02/25/6",
            "https://github.com/guiimoraes/CVE-2025-15467"
          ],
          "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15467",
              "epss": 0.00705,
              "percentile": 0.72196,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15467",
              "cwe": "CWE-787",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15467",
            "versionConstraint": "< 3.0.18-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.18-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2017-17740",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2017-17740",
            "epss": 0.06138,
            "percentile": 0.90838,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2017-17740",
            "cwe": "CWE-119",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.3069
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2017-17740",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html",
            "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html",
            "http://www.openldap.org/its/index.cgi/Incoming?id=8759",
            "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
            "https://www.oracle.com/security-alerts/cpuapr2022.html"
          ],
          "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2017-17740",
              "epss": 0.06138,
              "percentile": 0.90838,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2017-17740",
              "cwe": "CWE-119",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openldap",
              "version": "2.5.13+dfsg-5"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2017-17740",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "919a44d8cbaa32e2",
        "name": "libldap-2.5-0",
        "version": "2.5.13+dfsg-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-69420",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.  Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-69420",
            "epss": 0.00303,
            "percentile": 0.53564,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-69420",
            "cwe": "CWE-754",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.18-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.18-1~deb12u2",
              "date": "2026-01-27",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6113-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6113-1"
          }
        ],
        "risk": 0.22725
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-69420",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9",
            "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a",
            "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e",
            "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b",
            "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085",
            "https://openssl-library.org/news/secadv/20260127.txt"
          ],
          "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-69420",
              "epss": 0.00303,
              "percentile": 0.53564,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-69420",
              "cwe": "CWE-754",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-69420",
            "versionConstraint": "< 3.0.18-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.18-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2011-3389",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2011-3389",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2011-3389",
            "epss": 0.03933,
            "percentile": 0.88362,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2011-3389",
            "cwe": "CWE-326",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.19665
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2011-3389",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2011-3389",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/",
            "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx",
            "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx",
            "http://curl.haxx.se/docs/adv_20120124B.html",
            "http://downloads.asterisk.org/pub/security/AST-2016-001.html",
            "http://ekoparty.org/2011/juliano-rizzo.php",
            "http://eprint.iacr.org/2004/111",
            "http://eprint.iacr.org/2006/136",
            "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
            "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635",
            "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html",
            "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html",
            "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html",
            "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html",
            "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html",
            "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
            "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html",
            "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html",
            "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html",
            "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html",
            "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html",
            "http://marc.info/?l=bugtraq&m=132750579901589&w=2",
            "http://marc.info/?l=bugtraq&m=132872385320240&w=2",
            "http://marc.info/?l=bugtraq&m=133365109612558&w=2",
            "http://marc.info/?l=bugtraq&m=133728004526190&w=2",
            "http://marc.info/?l=bugtraq&m=134254866602253&w=2",
            "http://marc.info/?l=bugtraq&m=134254957702612&w=2",
            "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue",
            "http://osvdb.org/74829",
            "http://rhn.redhat.com/errata/RHSA-2012-0508.html",
            "http://rhn.redhat.com/errata/RHSA-2013-1455.html",
            "http://secunia.com/advisories/45791",
            "http://secunia.com/advisories/47998",
            "http://secunia.com/advisories/48256",
            "http://secunia.com/advisories/48692",
            "http://secunia.com/advisories/48915",
            "http://secunia.com/advisories/48948",
            "http://secunia.com/advisories/49198",
            "http://secunia.com/advisories/55322",
            "http://secunia.com/advisories/55350",
            "http://secunia.com/advisories/55351",
            "http://security.gentoo.org/glsa/glsa-201203-02.xml",
            "http://security.gentoo.org/glsa/glsa-201406-32.xml",
            "http://support.apple.com/kb/HT4999",
            "http://support.apple.com/kb/HT5001",
            "http://support.apple.com/kb/HT5130",
            "http://support.apple.com/kb/HT5281",
            "http://support.apple.com/kb/HT5501",
            "http://support.apple.com/kb/HT6150",
            "http://technet.microsoft.com/security/advisory/2588513",
            "http://vnhacker.blogspot.com/2011/09/beast.html",
            "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf",
            "http://www.debian.org/security/2012/dsa-2398",
            "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html",
            "http://www.ibm.com/developerworks/java/jdk/alerts/",
            "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html",
            "http://www.insecure.cl/Beast-SSL.rar",
            "http://www.kb.cert.org/vuls/id/864643",
            "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058",
            "http://www.opera.com/docs/changelogs/mac/1151/",
            "http://www.opera.com/docs/changelogs/mac/1160/",
            "http://www.opera.com/docs/changelogs/unix/1151/",
            "http://www.opera.com/docs/changelogs/unix/1160/",
            "http://www.opera.com/docs/changelogs/windows/1151/",
            "http://www.opera.com/docs/changelogs/windows/1160/",
            "http://www.opera.com/support/kb/view/1004/",
            "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
            "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
            "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
            "http://www.redhat.com/support/errata/RHSA-2011-1384.html",
            "http://www.redhat.com/support/errata/RHSA-2012-0006.html",
            "http://www.securityfocus.com/bid/49388",
            "http://www.securityfocus.com/bid/49778",
            "http://www.securitytracker.com/id/1029190",
            "http://www.securitytracker.com/id?1025997",
            "http://www.securitytracker.com/id?1026103",
            "http://www.securitytracker.com/id?1026704",
            "http://www.ubuntu.com/usn/USN-1263-1",
            "http://www.us-cert.gov/cas/techalerts/TA12-010A.html",
            "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail",
            "https://bugzilla.novell.com/show_bug.cgi?id=719047",
            "https://bugzilla.redhat.com/show_bug.cgi?id=737506",
            "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
            "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006",
            "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862",
            "https://hermes.opensuse.org/messages/13154861",
            "https://hermes.opensuse.org/messages/13155432",
            "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
            "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
          ],
          "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2011-3389",
              "epss": 0.03933,
              "percentile": 0.88362,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2011-3389",
              "cwe": "CWE-326",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.7.9-2+deb12u5"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2011-3389",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5458fd103c1e4fd3",
        "name": "libgnutls30",
        "version": "3.7.9-2+deb12u5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2015-3276",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2015-3276",
            "epss": 0.01912,
            "percentile": 0.83361,
            "date": "2026-04-27"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.09560000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2015-3276",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://rhn.redhat.com/errata/RHSA-2015-2131.html",
            "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
            "http://www.securitytracker.com/id/1034221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1238322"
          ],
          "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2015-3276",
              "epss": 0.01912,
              "percentile": 0.83361,
              "date": "2026-04-27"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openldap",
              "version": "2.5.13+dfsg-5"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2015-3276",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "919a44d8cbaa32e2",
        "name": "libldap-2.5-0",
        "version": "2.5.13+dfsg-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-20796",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-20796",
            "epss": 0.01492,
            "percentile": 0.8113,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-20796",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0746
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-20796",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://www.securityfocus.com/bid/107160",
            "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141",
            "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html",
            "https://security.netapp.com/advisory/ntap-20190315-0002/",
            "https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS"
          ],
          "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-20796",
              "epss": 0.01492,
              "percentile": 0.8113,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-20796",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-20796",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-22796",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data.  Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-22796",
            "epss": 0.00117,
            "percentile": 0.30088,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-22796",
            "cwe": "CWE-754",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.18-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.18-1~deb12u2",
              "date": "2026-01-27",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6113-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6113-1"
          }
        ],
        "risk": 0.060254999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-22796",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4",
            "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49",
            "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12",
            "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e",
            "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2",
            "https://openssl-library.org/news/secadv/20260127.txt"
          ],
          "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-22796",
              "epss": 0.00117,
              "percentile": 0.30088,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-22796",
              "cwe": "CWE-754",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-22796",
            "versionConstraint": "< 3.0.18-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.18-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.01188,
            "percentile": 0.78866,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0594
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.01188,
              "percentile": 0.78866,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "c8948b00cda8062b",
        "name": "libgssapi-krb5-2",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.01188,
            "percentile": 0.78866,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0594
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.01188,
              "percentile": 0.78866,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "8f3a478cb18888b8",
        "name": "libk5crypto3",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.01188,
            "percentile": 0.78866,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0594
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.01188,
              "percentile": 0.78866,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "575c8aeb7addaf05",
        "name": "libkrb5-3",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.01188,
            "percentile": 0.78866,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0594
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.01188,
              "percentile": 0.78866,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f17cb326c34696aa",
        "name": "libkrb5support0",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-10148",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "curl's websocket code did not update the 32 bit mask pattern for each new  outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection.  A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-10148",
            "epss": 0.00112,
            "percentile": 0.29488,
            "date": "2026-04-27"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.057679999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-10148",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-10148.html",
            "https://curl.se/docs/CVE-2025-10148.json",
            "https://hackerone.com/reports/3330839",
            "http://www.openwall.com/lists/oss-security/2025/09/10/2",
            "http://www.openwall.com/lists/oss-security/2025/09/10/3",
            "http://www.openwall.com/lists/oss-security/2025/09/10/4"
          ],
          "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-10148",
              "epss": 0.00112,
              "percentile": 0.29488,
              "date": "2026-04-27"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-10148",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15281",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-15281",
            "epss": 0.00069,
            "percentile": 0.21099,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15281",
            "cwe": "CWE-908",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.05175
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15281",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33814",
            "http://www.openwall.com/lists/oss-security/2026/01/20/3"
          ],
          "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15281",
              "epss": 0.00069,
              "percentile": 0.21099,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15281",
              "cwe": "CWE-908",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15281",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2004",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.8,
              "exploitabilityScore": 2.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2004",
            "epss": 0.00059,
            "percentile": 0.18462,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2004",
            "cwe": "CWE-1287",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "15.16-0+deb12u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "15.16-0+deb12u1",
              "date": "2026-02-12",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6132-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6132-1"
          }
        ],
        "risk": 0.048085
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2004",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-2004/"
          ],
          "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2004",
              "epss": 0.00059,
              "percentile": 0.18462,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2004",
              "cwe": "CWE-1287",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "postgresql-15",
              "version": "15.14-0+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2004",
            "versionConstraint": "< 15.16-0+deb12u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "15.16-0+deb12u1"
          }
        }
      ],
      "artifact": {
        "id": "da0ab4ee51b298d8",
        "name": "libpq5",
        "version": "15.14-0+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15",
        "upstreams": [
          {
            "name": "postgresql-15"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-69419",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.  Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.  The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.  The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 7.4,
              "exploitabilityScore": 2.3,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-69419",
            "epss": 0.00063,
            "percentile": 0.19412,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-69419",
            "cwe": "CWE-787",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.18-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.18-1~deb12u2",
              "date": "2026-01-27",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6113-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6113-1"
          }
        ],
        "risk": 0.046935
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-69419",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296",
            "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb",
            "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2",
            "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015",
            "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535",
            "https://openssl-library.org/news/secadv/20260127.txt"
          ],
          "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 7.4,
                "exploitabilityScore": 2.3,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-69419",
              "epss": 0.00063,
              "percentile": 0.19412,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-69419",
              "cwe": "CWE-787",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-69419",
            "versionConstraint": "< 3.0.18-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.18-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-13151",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-13151",
            "epss": 0.00062,
            "percentile": 0.19196,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-13151",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0465
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-13151",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gitlab.com/gnutls/libtasn1",
            "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
            "http://www.openwall.com/lists/oss-security/2026/01/08/5",
            "https://www.kb.cert.org/vuls/id/271649"
          ],
          "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-13151",
              "epss": 0.00062,
              "percentile": 0.19196,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-13151",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "libtasn1-6",
              "version": "4.19.0-2+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-13151",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "48b70e4d102cdd4b",
        "name": "libtasn1-6",
        "version": "4.19.0-2+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libtasn1-6",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libtasn1-6",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5450",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5450",
        "namespace": "debian:distro:debian:12",
        "severity": "Critical",
        "urls": [],
        "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 9.8,
              "exploitabilityScore": 3.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5450",
            "epss": 0.00049,
            "percentile": 0.1526,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-122",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.046060000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5450",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
          ],
          "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5450",
              "epss": 0.00049,
              "percentile": 0.1526,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-122",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5450",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010025",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010025",
            "epss": 0.00856,
            "percentile": 0.75042,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-1010025",
            "cwe": "CWE-330",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0428
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010025",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://security-tracker.debian.org/tracker/CVE-2019-1010025",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22853",
            "https://support.f5.com/csp/article/K06046097",
            "https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/CVE-2019-1010025"
          ],
          "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010025",
              "epss": 0.00856,
              "percentile": 0.75042,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-1010025",
              "cwe": "CWE-330",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010025",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-9192",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-9192",
            "epss": 0.0079,
            "percentile": 0.73957,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-9192",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03950000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-9192",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=24269",
            "https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS"
          ],
          "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-9192",
              "epss": 0.0079,
              "percentile": 0.73957,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-9192",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-9192",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4437",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4437",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4437",
            "epss": 0.0005,
            "percentile": 0.15538,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4437",
            "cwe": "CWE-125",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0375
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4437",
              "epss": 0.0005,
              "percentile": 0.15538,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4437",
              "cwe": "CWE-125",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-29478",
        "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478",
        "namespace": "nvd:cpe",
        "severity": "Medium",
        "urls": [
          "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md"
        ],
        "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-29478",
            "epss": 0.00071,
            "percentile": 0.21474,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-29478",
            "cwe": "CWE-400",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": ""
        },
        "advisories": [],
        "risk": 0.037275
      },
      "relatedVulnerabilities": [],
      "matchDetails": [
        {
          "type": "cpe-match",
          "matcher": "stock-matcher",
          "searchedBy": {
            "namespace": "nvd:cpe",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*"
            ],
            "package": {
              "name": "fluent-bit",
              "version": "4.0.13"
            }
          },
          "found": {
            "vulnerabilityID": "CVE-2025-29478",
            "versionConstraint": "none (unknown)",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
            ]
          }
        }
      ],
      "artifact": {
        "id": "5c9ed42943eb96f5",
        "name": "fluent-bit",
        "version": "4.0.13",
        "type": "binary",
        "locations": [
          {
            "path": "/fluent-bit/bin/fluent-bit",
            "layerID": "sha256:f9725a4843d8177ab79ad0290db93000cfd21f404e0950ca2df8f77bc8a8e398",
            "accessPath": "/fluent-bit/bin/fluent-bit",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:github/fluent/fluent-bit@4.0.13",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1965",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-1965",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work.  An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1...  The set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.  Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1965",
            "epss": 0.00062,
            "percentile": 0.19122,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1965",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.03565
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1965",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-1965.html",
            "https://curl.se/docs/CVE-2026-1965.json"
          ],
          "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\na Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1965",
              "epss": 0.00062,
              "percentile": 0.19122,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1965",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1965",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5928",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5928",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.  A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5928",
            "epss": 0.00046,
            "percentile": 0.14108,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5928",
            "cwe": "CWE-127",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0345
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5928",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
          ],
          "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5928",
              "epss": 0.00046,
              "percentile": 0.14108,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5928",
              "cwe": "CWE-127",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5928",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4046",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4046",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.    This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4046",
            "epss": 0.00044,
            "percentile": 0.13296,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4046",
            "cwe": "CWE-617",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.033
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4046",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33980",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
          ],
          "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.\n\n\n\nThis vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4046",
              "epss": 0.00044,
              "percentile": 0.13296,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4046",
              "cwe": "CWE-617",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4046",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010024",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010024",
            "epss": 0.00646,
            "percentile": 0.70796,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-1010024",
            "cwe": "CWE-200",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0323
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010024",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.securityfocus.com/bid/109162",
            "https://security-tracker.debian.org/tracker/CVE-2019-1010024",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22852",
            "https://support.f5.com/csp/article/K06046097",
            "https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/CVE-2019-1010024"
          ],
          "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010024",
              "epss": 0.00646,
              "percentile": 0.70796,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-1010024",
              "cwe": "CWE-200",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010024",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2006",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2006",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun.  That suffices to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.8,
              "exploitabilityScore": 2.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2006",
            "epss": 0.00039,
            "percentile": 0.11669,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2006",
            "cwe": "CWE-129",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "15.16-0+deb12u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "15.16-0+deb12u1",
              "date": "2026-02-12",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6132-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6132-1"
          }
        ],
        "risk": 0.031785
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2006",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2006",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-2006/"
          ],
          "description": "Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun.  That suffices to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2006",
              "epss": 0.00039,
              "percentile": 0.11669,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2006",
              "cwe": "CWE-129",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "postgresql-15",
              "version": "15.14-0+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2006",
            "versionConstraint": "< 15.16-0+deb12u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "15.16-0+deb12u1"
          }
        }
      ],
      "artifact": {
        "id": "da0ab4ee51b298d8",
        "name": "libpq5",
        "version": "15.14-0+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15",
        "upstreams": [
          {
            "name": "postgresql-15"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14831",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14831",
            "epss": 0.00059,
            "percentile": 0.18199,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14831",
            "cwe": "CWE-407",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.7.9-2+deb12u6"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.7.9-2+deb12u6",
              "date": "2026-02-18",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6140-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6140-1"
          }
        ],
        "risk": 0.030385000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14831",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:3477",
            "https://access.redhat.com/errata/RHSA-2026:4188",
            "https://access.redhat.com/errata/RHSA-2026:4655",
            "https://access.redhat.com/errata/RHSA-2026:4943",
            "https://access.redhat.com/errata/RHSA-2026:5585",
            "https://access.redhat.com/errata/RHSA-2026:5606",
            "https://access.redhat.com/errata/RHSA-2026:6618",
            "https://access.redhat.com/errata/RHSA-2026:6630",
            "https://access.redhat.com/errata/RHSA-2026:6737",
            "https://access.redhat.com/errata/RHSA-2026:6738",
            "https://access.redhat.com/errata/RHSA-2026:7329",
            "https://access.redhat.com/errata/RHSA-2026:7335",
            "https://access.redhat.com/errata/RHSA-2026:7477",
            "https://access.redhat.com/errata/RHSA-2026:8746",
            "https://access.redhat.com/errata/RHSA-2026:8747",
            "https://access.redhat.com/errata/RHSA-2026:8748",
            "https://access.redhat.com/security/cve/CVE-2025-14831",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2423177",
            "https://gitlab.com/gnutls/gnutls/-/issues/1773"
          ],
          "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14831",
              "epss": 0.00059,
              "percentile": 0.18199,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14831",
              "cwe": "CWE-407",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.7.9-2+deb12u5"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14831",
            "versionConstraint": "< 3.7.9-2+deb12u6 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.7.9-2+deb12u6"
          }
        }
      ],
      "artifact": {
        "id": "5458fd103c1e4fd3",
        "name": "libgnutls30",
        "version": "3.7.9-2+deb12u5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-2236",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-2236",
            "epss": 0.00588,
            "percentile": 0.69209,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-2236",
            "cwe": "CWE-385",
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0294
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-2236",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2024:9404",
            "https://access.redhat.com/errata/RHSA-2025:3530",
            "https://access.redhat.com/errata/RHSA-2025:3534",
            "https://access.redhat.com/security/cve/CVE-2024-2236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268268"
          ],
          "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-2236",
              "epss": 0.00588,
              "percentile": 0.69209,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-2236",
              "cwe": "CWE-385",
              "source": "secalert@redhat.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "libgcrypt20",
              "version": "1.10.1-3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-2236",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "aa143951e2980797",
        "name": "libgcrypt20",
        "version": "1.10.1-3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgcrypt20",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libgcrypt20",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-34743",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-34743",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-34743",
            "epss": 0.00055,
            "percentile": 0.17176,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-34743",
            "cwe": "CWE-122",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.028325000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-34743",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-34743",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87",
            "https://github.com/tukaani-project/xz/releases/tag/v5.8.3",
            "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv",
            "http://www.openwall.com/lists/oss-security/2026/03/31/13"
          ],
          "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 1.7
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-34743",
              "epss": 0.00055,
              "percentile": 0.17176,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-34743",
              "cwe": "CWE-122",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "xz-utils",
              "version": "5.4.1-1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-34743",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "472c1368193da0b1",
        "name": "liblzma5",
        "version": "5.4.1-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/liblzma5",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/liblzma5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:liblzma5:liblzma5:5.4.1-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/liblzma5@5.4.1-1?arch=amd64&distro=debian-12&upstream=xz-utils",
        "upstreams": [
          {
            "name": "xz-utils"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-29477",
        "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477",
        "namespace": "nvd:cpe",
        "severity": "Medium",
        "urls": [
          "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md"
        ],
        "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.8
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-29477",
            "epss": 0.00053,
            "percentile": 0.16528,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-29477",
            "cwe": "CWE-400",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": ""
        },
        "advisories": [],
        "risk": 0.027825000000000003
      },
      "relatedVulnerabilities": [],
      "matchDetails": [
        {
          "type": "cpe-match",
          "matcher": "stock-matcher",
          "searchedBy": {
            "namespace": "nvd:cpe",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*"
            ],
            "package": {
              "name": "fluent-bit",
              "version": "4.0.13"
            }
          },
          "found": {
            "vulnerabilityID": "CVE-2025-29477",
            "versionConstraint": "none (unknown)",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
            ]
          }
        }
      ],
      "artifact": {
        "id": "5c9ed42943eb96f5",
        "name": "fluent-bit",
        "version": "4.0.13",
        "type": "binary",
        "locations": [
          {
            "path": "/fluent-bit/bin/fluent-bit",
            "layerID": "sha256:f9725a4843d8177ab79ad0290db93000cfd21f404e0950ca2df8f77bc8a8e398",
            "accessPath": "/fluent-bit/bin/fluent-bit",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:github/fluent/fluent-bit@4.0.13",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2005",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2005",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.8,
              "exploitabilityScore": 2.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2005",
            "epss": 0.00034,
            "percentile": 0.10011,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2005",
            "cwe": "CWE-122",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "15.16-0+deb12u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "15.16-0+deb12u1",
              "date": "2026-02-12",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6132-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6132-1"
          }
        ],
        "risk": 0.027710000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2005",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2005",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-2005/"
          ],
          "description": "Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2005",
              "epss": 0.00034,
              "percentile": 0.10011,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2005",
              "cwe": "CWE-122",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "postgresql-15",
              "version": "15.14-0+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2005",
            "versionConstraint": "< 15.16-0+deb12u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "15.16-0+deb12u1"
          }
        }
      ],
      "artifact": {
        "id": "da0ab4ee51b298d8",
        "name": "libpq5",
        "version": "15.14-0+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15",
        "upstreams": [
          {
            "name": "postgresql-15"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-69421",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.  Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files.  The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure.  Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-69421",
            "epss": 0.00036,
            "percentile": 0.10485,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-69421",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.18-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.18-1~deb12u2",
              "date": "2026-01-27",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6113-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6113-1"
          }
        ],
        "risk": 0.027
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-69421",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b",
            "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7",
            "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd",
            "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3",
            "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c",
            "https://openssl-library.org/news/secadv/20260127.txt"
          ],
          "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-69421",
              "epss": 0.00036,
              "percentile": 0.10485,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-69421",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-69421",
            "versionConstraint": "< 3.0.18-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.18-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-12818",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes.  This results in a segmentation fault for the application using libpq.  Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-12818",
            "epss": 0.00048,
            "percentile": 0.14932,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-12818",
            "cwe": "CWE-190",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "15.15-0+deb12u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "15.15-0+deb12u1",
              "date": "2026-01-19",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.026160000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-12818",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2025-12818/"
          ],
          "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes.  This results in a segmentation fault for the application using libpq.  Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-12818",
              "epss": 0.00048,
              "percentile": 0.14932,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-12818",
              "cwe": "CWE-190",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "postgresql-15",
              "version": "15.14-0+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-12818",
            "versionConstraint": "< 15.15-0+deb12u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "15.15-0+deb12u1"
          }
        }
      ],
      "artifact": {
        "id": "da0ab4ee51b298d8",
        "name": "libpq5",
        "version": "15.14-0+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15",
        "upstreams": [
          {
            "name": "postgresql-15"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-6829",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-6829",
            "epss": 0.00515,
            "percentile": 0.66677,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-6829",
            "cwe": "CWE-327",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.025750000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-6829",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/weikengchen/attack-on-libgcrypt-elgamal",
            "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki",
            "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html",
            "https://www.oracle.com/security-alerts/cpujan2020.html"
          ],
          "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-6829",
              "epss": 0.00515,
              "percentile": 0.66677,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-6829",
              "cwe": "CWE-327",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "libgcrypt20",
              "version": "1.10.1-3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-6829",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "aa143951e2980797",
        "name": "libgcrypt20",
        "version": "1.10.1-3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgcrypt20",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libgcrypt20",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28387",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-28387",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side.  Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code.  However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0)/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage.  By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages.  These SMTP (or other similar) clients are not vulnerable to this issue.  Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable.  The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records.  No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.1,
              "exploitabilityScore": 2.3,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28387",
            "epss": 0.00032,
            "percentile": 0.09152,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28387",
            "cwe": "CWE-416",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.19-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.19-1~deb12u2",
              "date": "2026-04-07",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6201-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6201-1"
          }
        ],
        "risk": 0.024960000000000006
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28387",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28387",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b",
            "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe",
            "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3",
            "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7",
            "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0)/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages.  These SMTP (or other similar) clients are not vulnerable\nto this issue.  Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.1,
                "exploitabilityScore": 2.3,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28387",
              "epss": 0.00032,
              "percentile": 0.09152,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28387",
              "cwe": "CWE-416",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28387",
            "versionConstraint": "< 3.0.19-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.19-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-31789",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-31789",
        "namespace": "debian:distro:debian:12",
        "severity": "Critical",
        "urls": [],
        "description": "Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms.  Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior.  If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow.  Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 9.8,
              "exploitabilityScore": 3.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-31789",
            "epss": 0.00026,
            "percentile": 0.07295,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-31789",
            "cwe": "CWE-787",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.19-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.19-1~deb12u2",
              "date": "2026-04-07",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6201-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6201-1"
          }
        ],
        "risk": 0.024439999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-31789",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-31789",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde",
            "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf",
            "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49",
            "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9",
            "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-31789",
              "epss": 0.00026,
              "percentile": 0.07295,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-31789",
              "cwe": "CWE-787",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-31789",
            "versionConstraint": "< 3.0.19-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.19-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40225",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40225",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.4,
              "exploitabilityScore": 0.6,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40225",
            "epss": 0.00041,
            "percentile": 0.12406,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40225",
            "cwe": "CWE-669",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.023370000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40225",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40225",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"
          ],
          "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.4,
                "exploitabilityScore": 0.6,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40225",
              "epss": 0.00041,
              "percentile": 0.12406,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40225",
              "cwe": "CWE-669",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40225",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a48fdf88485dfed0",
        "name": "libsystemd0",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40225",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40225",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.4,
              "exploitabilityScore": 0.6,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40225",
            "epss": 0.00041,
            "percentile": 0.12406,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40225",
            "cwe": "CWE-669",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.023370000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40225",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40225",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"
          ],
          "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.4,
                "exploitabilityScore": 0.6,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40225",
              "epss": 0.00041,
              "percentile": 0.12406,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40225",
              "cwe": "CWE-669",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40225",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fbdf5e39d3c6b8fd",
        "name": "systemd",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28389",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-28389",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen.  Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service.  When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing.  Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28389",
            "epss": 0.00031,
            "percentile": 0.08731,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28389",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.19-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.19-1~deb12u2",
              "date": "2026-04-07",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6201-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6201-1"
          }
        ],
        "risk": 0.02325
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28389",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28389",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5",
            "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616",
            "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f",
            "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a",
            "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28389",
              "epss": 0.00031,
              "percentile": 0.08731,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28389",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28389",
            "versionConstraint": "< 3.0.19-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.19-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28390",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-28390",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen.  Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service.  When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing.  Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28390",
            "epss": 0.00031,
            "percentile": 0.08731,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28390",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.19-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.19-1~deb12u2",
              "date": "2026-04-07",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6201-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6201-1"
          }
        ],
        "risk": 0.02325
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28390",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc",
            "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6",
            "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4",
            "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788",
            "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28390",
              "epss": 0.00031,
              "percentile": 0.08731,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28390",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28390",
            "versionConstraint": "< 3.0.19-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.19-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14819",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "When doing TLS related transfers with reused easy or multi handles and altering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14819",
            "epss": 0.00045,
            "percentile": 0.13821,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14819",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.023175
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14819",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14819.html",
            "https://curl.se/docs/CVE-2025-14819.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/5"
          ],
          "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14819",
              "epss": 0.00045,
              "percentile": 0.13821,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14819",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14819",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-0725",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-0725",
            "epss": 0.00454,
            "percentile": 0.63867,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-0725",
            "cwe": "CWE-120",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.022699999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-0725",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2025-0725.html",
            "https://curl.se/docs/CVE-2025-0725.json",
            "https://hackerone.com/reports/2956023",
            "http://www.openwall.com/lists/oss-security/2025/02/05/3",
            "http://www.openwall.com/lists/oss-security/2025/02/06/2",
            "http://www.openwall.com/lists/oss-security/2025/02/06/4",
            "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7",
            "https://security.netapp.com/advisory/ntap-20250306-0009/"
          ],
          "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 7.3,
                "exploitabilityScore": 3.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-0725",
              "epss": 0.00454,
              "percentile": 0.63867,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-0725",
              "cwe": "CWE-120",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-0725",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2010-4756",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2010-4756",
            "epss": 0.00394,
            "percentile": 0.60333,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2010-4756",
            "cwe": "CWE-399",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.019700000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2010-4756",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://cxib.net/stuff/glob-0day.c",
            "http://securityreason.com/achievement_securityalert/89",
            "http://securityreason.com/exploitalert/9223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=681681",
            "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756",
            "https://security.netapp.com/advisory/ntap-20241108-0002/"
          ],
          "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 8,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2010-4756",
              "epss": 0.00394,
              "percentile": 0.60333,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2010-4756",
              "cwe": "CWE-399",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2010-4756",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-12817",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817",
        "namespace": "debian:distro:debian:12",
        "severity": "Low",
        "urls": [],
        "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema.  A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail.  Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-12817",
            "epss": 0.00061,
            "percentile": 0.18986,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-12817",
            "cwe": "CWE-862",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "15.15-0+deb12u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "15.15-0+deb12u1",
              "date": "2026-01-19",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.018605
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-12817",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2025-12817/"
          ],
          "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema.  A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail.  Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.1,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-12817",
              "epss": 0.00061,
              "percentile": 0.18986,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-12817",
              "cwe": "CWE-862",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "postgresql-15",
              "version": "15.14-0+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-12817",
            "versionConstraint": "< 15.15-0+deb12u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "15.15-0+deb12u1"
          }
        }
      ],
      "artifact": {
        "id": "da0ab4ee51b298d8",
        "name": "libpq5",
        "version": "15.14-0+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15",
        "upstreams": [
          {
            "name": "postgresql-15"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27135",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27135",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.",
        "cvss": [
          {
            "source": "security-advisories@github.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27135",
            "epss": 0.00024,
            "percentile": 0.06712,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27135",
            "cwe": "CWE-617",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.018000000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27135",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
            "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
            "http://www.openwall.com/lists/oss-security/2026/03/20/3"
          ],
          "description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27135",
              "epss": 0.00024,
              "percentile": 0.06712,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27135",
              "cwe": "CWE-617",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "nghttp2",
              "version": "1.52.0-1+deb12u2"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27135",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7fba61587556f31d",
        "name": "libnghttp2-14",
        "version": "1.52.0-1+deb12u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libnghttp2-14",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libnghttp2-14",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libnghttp2-14:libnghttp2-14:1.52.0-1\\+deb12u2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libnghttp2-14:libnghttp2_14:1.52.0-1\\+deb12u2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libnghttp2_14:libnghttp2-14:1.52.0-1\\+deb12u2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libnghttp2_14:libnghttp2_14:1.52.0-1\\+deb12u2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libnghttp2:libnghttp2-14:1.52.0-1\\+deb12u2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libnghttp2:libnghttp2_14:1.52.0-1\\+deb12u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libnghttp2-14@1.52.0-1%2Bdeb12u2?arch=amd64&distro=debian-12&upstream=nghttp2",
        "upstreams": [
          {
            "name": "nghttp2"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4438",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4438",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 5.4,
              "exploitabilityScore": 2.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4438",
            "epss": 0.00033,
            "percentile": 0.09715,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-20",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-88",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.017159999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4438",
              "epss": 0.00033,
              "percentile": 0.09715,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-20",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-88",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-0915",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-0915",
            "epss": 0.00021,
            "percentile": 0.0582,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-0915",
            "cwe": "CWE-908",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.01575
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-0915",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33802",
            "http://www.openwall.com/lists/oss-security/2026/01/16/6"
          ],
          "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-0915",
              "epss": 0.00021,
              "percentile": 0.0582,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-0915",
              "cwe": "CWE-908",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-0915",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28388",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-28388",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing.  Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application.  When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference.  Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it.  The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28388",
            "epss": 0.00021,
            "percentile": 0.05815,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28388",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.19-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.19-1~deb12u2",
              "date": "2026-04-07",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6201-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6201-1"
          }
        ],
        "risk": 0.01575
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28388",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28388",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e",
            "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139",
            "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3",
            "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8",
            "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28388",
              "epss": 0.00021,
              "percentile": 0.05815,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28388",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28388",
            "versionConstraint": "< 3.0.19-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.19-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010023",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Re-mapping a currently loaded library with a malicious ELF file. The impact is: In the worst case an attacker may escalate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to the victim and asks them to run ldd on it; ldd executes code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010023",
            "epss": 0.00313,
            "percentile": 0.54478,
            "date": "2026-04-27"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01565
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010023",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://www.securityfocus.com/bid/109167",
            "https://security-tracker.debian.org/tracker/CVE-2019-1010023",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22851",
            "https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/CVE-2019-1010023"
          ],
          "description": "GNU Libc current is affected by: Re-mapping a currently loaded library with a malicious ELF file. The impact is: In the worst case an attacker may escalate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to the victim and asks them to run ldd on it; ldd executes code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "metrics": {
                "baseScore": 6.8,
                "exploitabilityScore": 8.6,
                "impactScore": 6.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010023",
              "epss": 0.00313,
              "percentile": 0.54478,
              "date": "2026-04-27"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010023",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14524",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14524",
            "epss": 0.00026,
            "percentile": 0.07221,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14524",
            "cwe": "CWE-601",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.01339
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14524",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14524.html",
            "https://curl.se/docs/CVE-2025-14524.json",
            "https://hackerone.com/reports/3459417",
            "http://www.openwall.com/lists/oss-security/2026/01/07/4"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14524",
              "epss": 0.00026,
              "percentile": 0.07221,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14524",
              "cwe": "CWE-601",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14524",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-68160",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.  Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.  The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-68160",
            "epss": 0.00027,
            "percentile": 0.07752,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-68160",
            "cwe": "CWE-787",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.18-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.18-1~deb12u2",
              "date": "2026-01-27",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6113-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6113-1"
          }
        ],
        "risk": 0.013094999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-68160",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad",
            "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6",
            "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c",
            "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0",
            "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096",
            "https://openssl-library.org/news/secadv/20260127.txt"
          ],
          "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-68160",
              "epss": 0.00027,
              "percentile": 0.07752,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-68160",
              "cwe": "CWE-787",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-68160",
            "versionConstraint": "< 3.0.18-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.18-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-31790",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-31790",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer.  Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker.  RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced.  If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext.  As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue.  The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-31790",
            "epss": 0.00017,
            "percentile": 0.03962,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-31790",
            "cwe": "CWE-754",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.19-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.19-1~deb12u2",
              "date": "2026-04-07",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6201-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6201-1"
          }
        ],
        "risk": 0.012750000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-31790",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac",
            "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482",
            "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406",
            "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790",
            "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-31790",
              "epss": 0.00017,
              "percentile": 0.03962,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-31790",
              "cwe": "CWE-754",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-31790",
            "versionConstraint": "< 3.0.19-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.19-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3784",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3784",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3784",
            "epss": 0.00022,
            "percentile": 0.06118,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3784",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.012649999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3784",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3784.html",
            "https://curl.se/docs/CVE-2026-3784.json",
            "https://hackerone.com/reports/3584903",
            "http://www.openwall.com/lists/oss-security/2026/03/11/3"
          ],
          "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3784",
              "epss": 0.00022,
              "percentile": 0.06118,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3784",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3784",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.4823,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.4823,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "c8948b00cda8062b",
        "name": "libgssapi-krb5-2",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.4823,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.4823,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "8f3a478cb18888b8",
        "name": "libk5crypto3",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.4823,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.4823,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "575c8aeb7addaf05",
        "name": "libkrb5-3",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.4823,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.4823,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f17cb326c34696aa",
        "name": "libkrb5support0",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3783",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3783",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.  If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3783",
            "epss": 0.00023,
            "percentile": 0.06411,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3783",
            "cwe": "CWE-522",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.011845000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3783",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3783.html",
            "https://curl.se/docs/CVE-2026-3783.json",
            "https://hackerone.com/reports/3583983",
            "http://www.openwall.com/lists/oss-security/2026/03/11/2"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3783",
              "epss": 0.00023,
              "percentile": 0.06411,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3783",
              "cwe": "CWE-522",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3783",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-27587",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-27587",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-27587",
            "epss": 0.00224,
            "percentile": 0.44998,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-27587",
            "cwe": "CWE-385",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0112
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-27587",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/issues/24253",
            "https://minerva.crocs.fi.muni.cz"
          ],
          "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-27587",
              "epss": 0.00224,
              "percentile": 0.44998,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-27587",
              "cwe": "CWE-385",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-27587",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-22795",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.  Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service.  A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read.  The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-22795",
            "epss": 0.00021,
            "percentile": 0.05785,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-22795",
            "cwe": "CWE-754",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.18-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.18-1~deb12u2",
              "date": "2026-01-27",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6113-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6113-1"
          }
        ],
        "risk": 0.011025000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-22795",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4",
            "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49",
            "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12",
            "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e",
            "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2",
            "https://openssl-library.org/news/secadv/20260127.txt"
          ],
          "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-22795",
              "epss": 0.00021,
              "percentile": 0.05785,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-22795",
              "cwe": "CWE-754",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-22795",
            "versionConstraint": "< 3.0.18-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.18-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2020-15719",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2020-15719",
            "epss": 0.00216,
            "percentile": 0.43986,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2020-15719",
            "cwe": "CWE-295",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0108
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2020-15719",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html",
            "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html",
            "https://access.redhat.com/errata/RHBA-2019:3674",
            "https://bugs.openldap.org/show_bug.cgi?id=9266",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1740070",
            "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
            "https://www.oracle.com/security-alerts/cpuapr2022.html"
          ],
          "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 4.2,
                "exploitabilityScore": 1.7,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 5,
                "impactScore": 5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2020-15719",
              "epss": 0.00216,
              "percentile": 0.43986,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2020-15719",
              "cwe": "CWE-295",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openldap",
              "version": "2.5.13+dfsg-5"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2020-15719",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "919a44d8cbaa32e2",
        "name": "libldap-2.5-0",
        "version": "2.5.13+dfsg-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2003",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory.  We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 4.3,
              "exploitabilityScore": 2.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2003",
            "epss": 0.00023,
            "percentile": 0.06342,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2003",
            "cwe": "CWE-1287",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "15.16-0+deb12u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "15.16-0+deb12u1",
              "date": "2026-02-12",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6132-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6132-1"
          }
        ],
        "risk": 0.010695
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2003",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-2003/"
          ],
          "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory.  We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 2.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2003",
              "epss": 0.00023,
              "percentile": 0.06342,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2003",
              "cwe": "CWE-1287",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "postgresql-15",
              "version": "15.14-0+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2003",
            "versionConstraint": "< 15.16-0+deb12u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "15.16-0+deb12u1"
          }
        }
      ],
      "artifact": {
        "id": "da0ab4ee51b298d8",
        "name": "libpq5",
        "version": "15.14-0+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15",
        "upstreams": [
          {
            "name": "postgresql-15"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-29111",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-29111",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
        "cvss": [
          {
            "source": "security-advisories@github.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-29111",
            "epss": 0.0002,
            "percentile": 0.05537,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-29111",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0105
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-29111",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a",
            "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6",
            "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412",
            "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd",
            "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f",
            "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f",
            "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69",
            "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6",
            "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c",
            "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8",
            "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
          ],
          "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-29111",
              "epss": 0.0002,
              "percentile": 0.05537,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-29111",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-29111",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a48fdf88485dfed0",
        "name": "libsystemd0",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-29111",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-29111",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
        "cvss": [
          {
            "source": "security-advisories@github.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-29111",
            "epss": 0.0002,
            "percentile": 0.05537,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-29111",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0105
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-29111",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a",
            "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6",
            "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412",
            "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd",
            "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f",
            "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f",
            "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69",
            "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6",
            "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c",
            "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8",
            "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
          ],
          "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-29111",
              "epss": 0.0002,
              "percentile": 0.05537,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-29111",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-29111",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fbdf5e39d3c6b8fd",
        "name": "systemd",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-2379",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-2379",
            "epss": 0.00205,
            "percentile": 0.42561,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-2379",
            "cwe": "CWE-295",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01025
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-2379",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://seclists.org/fulldisclosure/2024/Jul/18",
            "http://seclists.org/fulldisclosure/2024/Jul/19",
            "http://seclists.org/fulldisclosure/2024/Jul/20",
            "http://www.openwall.com/lists/oss-security/2024/03/27/2",
            "https://curl.se/docs/CVE-2024-2379.html",
            "https://curl.se/docs/CVE-2024-2379.json",
            "https://hackerone.com/reports/2410774",
            "https://security.netapp.com/advisory/ntap-20240531-0001/",
            "https://support.apple.com/kb/HT214118",
            "https://support.apple.com/kb/HT214119",
            "https://support.apple.com/kb/HT214120"
          ],
          "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 2.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-2379",
              "epss": 0.00205,
              "percentile": 0.42561,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-2379",
              "cwe": "CWE-295",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-2379",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31437",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31437",
            "epss": 0.0017,
            "percentile": 0.38,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0085
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31437",
              "epss": 0.0017,
              "percentile": 0.38,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a48fdf88485dfed0",
        "name": "libsystemd0",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31437",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31437",
            "epss": 0.0017,
            "percentile": 0.38,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0085
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31437",
              "epss": 0.0017,
              "percentile": 0.38,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fbdf5e39d3c6b8fd",
        "name": "systemd",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-0861",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.  Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this.  The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument.  This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.  Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice.  An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.4,
              "exploitabilityScore": 2.6,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-0861",
            "epss": 0.0001,
            "percentile": 0.01245,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-0861",
            "cwe": "CWE-190",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.00795
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-0861",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33796",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001",
            "http://www.openwall.com/lists/oss-security/2026/01/16/5"
          ],
          "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this.  The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument.  This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice.  An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.4,
                "exploitabilityScore": 2.6,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-0861",
              "epss": 0.0001,
              "percentile": 0.01245,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-0861",
              "cwe": "CWE-190",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-0861",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4105",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 0.8,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4105",
            "epss": 0.00012,
            "percentile": 0.01719,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4105",
            "cwe": "CWE-284",
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.00702
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4105",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-4105",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447262",
            "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"
          ],
          "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4105",
              "epss": 0.00012,
              "percentile": 0.01719,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4105",
              "cwe": "CWE-284",
              "source": "secalert@redhat.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4105",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a48fdf88485dfed0",
        "name": "libsystemd0",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4105",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 0.8,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4105",
            "epss": 0.00012,
            "percentile": 0.01719,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4105",
            "cwe": "CWE-284",
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.00702
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4105",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-4105",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447262",
            "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"
          ],
          "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4105",
              "epss": 0.00012,
              "percentile": 0.01719,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4105",
              "cwe": "CWE-284",
              "source": "secalert@redhat.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4105",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fbdf5e39d3c6b8fd",
        "name": "systemd",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-41989",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-41989",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 1.5,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-41989",
            "epss": 0.00012,
            "percentile": 0.01692,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-41989",
            "cwe": "CWE-787",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00702
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-41989",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-41989",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://dev.gnupg.org/T8211",
            "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html",
            "https://www.openwall.com/lists/oss-security/2026/04/21/1"
          ],
          "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 1.5,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-41989",
              "epss": 0.00012,
              "percentile": 0.01692,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-41989",
              "cwe": "CWE-787",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "libgcrypt20",
              "version": "1.10.1-3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-41989",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "aa143951e2980797",
        "name": "libgcrypt20",
        "version": "1.10.1-3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgcrypt20",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libgcrypt20",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31438",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31438",
            "epss": 0.00134,
            "percentile": 0.32652,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31438",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0067
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28886",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31438",
              "epss": 0.00134,
              "percentile": 0.32652,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31438",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a48fdf88485dfed0",
        "name": "libsystemd0",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31438",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31438",
            "epss": 0.00134,
            "percentile": 0.32652,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31438",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0067
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28886",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31438",
              "epss": 0.00134,
              "percentile": 0.32652,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31438",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fbdf5e39d3c6b8fd",
        "name": "systemd",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010022",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010022",
            "epss": 0.00131,
            "percentile": 0.32341,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-1010022",
            "cwe": "CWE-119",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00655
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010022",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://security-tracker.debian.org/tracker/CVE-2019-1010022",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22850",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3",
            "https://ubuntu.com/security/CVE-2019-1010022"
          ],
          "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 10,
                "impactScore": 6.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010022",
              "epss": 0.00131,
              "percentile": 0.32341,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-1010022",
              "cwe": "CWE-119",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "glibc",
              "version": "2.36-9+deb12u13"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010022",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b1f23f68887853e1",
        "name": "libc6",
        "version": "2.36-9+deb12u13",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPL-2",
          "LGPL-2.1"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31439",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31439",
            "epss": 0.00125,
            "percentile": 0.31427,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31439",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00625
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31439",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28885",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31439",
              "epss": 0.00125,
              "percentile": 0.31427,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31439",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31439",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a48fdf88485dfed0",
        "name": "libsystemd0",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31439",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31439",
            "epss": 0.00125,
            "percentile": 0.31427,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31439",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00625
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31439",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28885",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31439",
              "epss": 0.00125,
              "percentile": 0.31427,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31439",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31439",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fbdf5e39d3c6b8fd",
        "name": "systemd",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2017-14159",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2017-14159",
            "epss": 0.00111,
            "percentile": 0.29252,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2017-14159",
            "cwe": "CWE-665",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.005550000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2017-14159",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.openldap.org/its/index.cgi?findid=8703",
            "https://www.oracle.com/security-alerts/cpuapr2022.html"
          ],
          "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.9,
                "exploitabilityScore": 3.4,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2017-14159",
              "epss": 0.00111,
              "percentile": 0.29252,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2017-14159",
              "cwe": "CWE-665",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openldap",
              "version": "2.5.13+dfsg-5"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2017-14159",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "919a44d8cbaa32e2",
        "name": "libldap-2.5-0",
        "version": "2.5.13+dfsg-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40226",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40226",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.4,
              "exploitabilityScore": 0.5,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40226",
            "epss": 0.00009,
            "percentile": 0.00992,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40226",
            "cwe": "CWE-348",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.005130000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40226",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40226",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx"
          ],
          "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.4,
                "exploitabilityScore": 0.5,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40226",
              "epss": 0.00009,
              "percentile": 0.00992,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40226",
              "cwe": "CWE-348",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40226",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a48fdf88485dfed0",
        "name": "libsystemd0",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40226",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40226",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.4,
              "exploitabilityScore": 0.5,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40226",
            "epss": 0.00009,
            "percentile": 0.00992,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40226",
            "cwe": "CWE-348",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.005130000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40226",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40226",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx"
          ],
          "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.4,
                "exploitabilityScore": 0.5,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40226",
              "epss": 0.00009,
              "percentile": 0.00992,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40226",
              "cwe": "CWE-348",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40226",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fbdf5e39d3c6b8fd",
        "name": "systemd",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27171",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27171",
            "epss": 0.00009,
            "percentile": 0.00839,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27171",
            "cwe": "CWE-1284",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.004725
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27171",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/",
            "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf",
            "https://github.com/madler/zlib/issues/904",
            "https://github.com/madler/zlib/releases/tag/v1.3.2",
            "https://ostif.org/zlib-audit-complete/"
          ],
          "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27171",
              "epss": 0.00009,
              "percentile": 0.00839,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27171",
              "cwe": "CWE-1284",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "zlib",
              "version": "1:1.2.13.dfsg-1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27171",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ca40227a4415e447",
        "name": "zlib1g",
        "version": "1:1.2.13.dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/zlib1g",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/zlib1g",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib",
        "upstreams": [
          {
            "name": "zlib"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40228",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40228",
        "namespace": "debian:distro:debian:12",
        "severity": "Low",
        "urls": [],
        "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40228",
            "epss": 0.00014,
            "percentile": 0.02545,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40228",
            "cwe": "CWE-669",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.004409999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40228",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40228",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://www.openwall.com/lists/oss-security/2026/04/08/1"
          ],
          "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40228",
              "epss": 0.00014,
              "percentile": 0.02545,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40228",
              "cwe": "CWE-669",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40228",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a48fdf88485dfed0",
        "name": "libsystemd0",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40228",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40228",
        "namespace": "debian:distro:debian:12",
        "severity": "Low",
        "urls": [],
        "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40228",
            "epss": 0.00014,
            "percentile": 0.02545,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40228",
            "cwe": "CWE-669",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.004409999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40228",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40228",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://www.openwall.com/lists/oss-security/2026/04/08/1"
          ],
          "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40228",
              "epss": 0.00014,
              "percentile": 0.02545,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40228",
              "cwe": "CWE-669",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40228",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fbdf5e39d3c6b8fd",
        "name": "systemd",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15224",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-15224",
            "epss": 0.00084,
            "percentile": 0.24368,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15224",
            "cwe": "CWE-287",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.004200000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15224",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2025-15224.html",
            "https://curl.se/docs/CVE-2025-15224.json",
            "https://hackerone.com/reports/3480925",
            "http://www.openwall.com/lists/oss-security/2026/01/07/7"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.1,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15224",
              "epss": 0.00084,
              "percentile": 0.24368,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15224",
              "cwe": "CWE-287",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15224",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-9820",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 4,
              "exploitabilityScore": 2.6,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-9820",
            "epss": 0.00009,
            "percentile": 0.00965,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-9820",
            "cwe": "CWE-121",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.7.9-2+deb12u6"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.7.9-2+deb12u6",
              "date": "2026-02-27",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.00405
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-9820",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:3477",
            "https://access.redhat.com/errata/RHSA-2026:4188",
            "https://access.redhat.com/errata/RHSA-2026:4655",
            "https://access.redhat.com/errata/RHSA-2026:4943",
            "https://access.redhat.com/errata/RHSA-2026:5585",
            "https://access.redhat.com/errata/RHSA-2026:5606",
            "https://access.redhat.com/errata/RHSA-2026:7329",
            "https://access.redhat.com/errata/RHSA-2026:7477",
            "https://access.redhat.com/security/cve/CVE-2025-9820",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2392528",
            "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5",
            "https://gitlab.com/gnutls/gnutls/-/issues/1732",
            "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18",
            "http://www.openwall.com/lists/oss-security/2025/11/20/2"
          ],
          "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 2.6,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-9820",
              "epss": 0.00009,
              "percentile": 0.00965,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-9820",
              "cwe": "CWE-121",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.7.9-2+deb12u5"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-9820",
            "versionConstraint": "< 3.7.9-2+deb12u6 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.7.9-2+deb12u6"
          }
        }
      ],
      "artifact": {
        "id": "5458fd103c1e4fd3",
        "name": "libgnutls30",
        "version": "3.7.9-2+deb12u5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00081,
            "percentile": 0.23771,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00405
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00081,
              "percentile": 0.23771,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "c8948b00cda8062b",
        "name": "libgssapi-krb5-2",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00081,
            "percentile": 0.23771,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00405
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00081,
              "percentile": 0.23771,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "8f3a478cb18888b8",
        "name": "libk5crypto3",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00081,
            "percentile": 0.23771,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00405
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00081,
              "percentile": 0.23771,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "575c8aeb7addaf05",
        "name": "libkrb5-3",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00081,
            "percentile": 0.23771,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00405
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00081,
              "percentile": 0.23771,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "krb5",
              "version": "1.20.1-2+deb12u4"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f17cb326c34696aa",
        "name": "libkrb5support0",
        "version": "1.20.1-2+deb12u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-69418",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69418",
        "namespace": "debian:distro:debian:12",
        "severity": "Medium",
        "urls": [],
        "description": "Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 4,
              "exploitabilityScore": 1.5,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-69418",
            "epss": 0.00008,
            "percentile": 0.00719,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-69418",
            "cwe": "CWE-325",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.0.18-1~deb12u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.0.18-1~deb12u2",
              "date": "2026-01-27",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6113-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6113-1"
          }
        ],
        "risk": 0.0036
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-69418",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc",
            "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8",
            "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347",
            "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae",
            "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977",
            "https://openssl-library.org/news/secadv/20260127.txt"
          ],
          "description": "Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 1.5,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-69418",
              "epss": 0.00008,
              "percentile": 0.00719,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-69418",
              "cwe": "CWE-325",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openssl",
              "version": "3.0.17-1~deb12u3"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-69418",
            "versionConstraint": "< 3.0.18-1~deb12u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.0.18-1~deb12u2"
          }
        }
      ],
      "artifact": {
        "id": "f17ef78f1c42683d",
        "name": "libssl3",
        "version": "3.0.17-1~deb12u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libssl3",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3/copyright",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/usr/share/doc/libssl3/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
            "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4878",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4878",
        "namespace": "debian:distro:debian:12",
        "severity": "High",
        "urls": [],
        "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 7,
              "exploitabilityScore": 1.1,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4878",
            "epss": 0.00004,
            "percentile": 0.0017,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4878",
            "cwe": "CWE-367",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0029
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4878",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7473",
            "https://access.redhat.com/security/cve/CVE-2026-4878",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2451615",
            "http://www.openwall.com/lists/oss-security/2026/04/07/14",
            "http://www.openwall.com/lists/oss-security/2026/04/07/4",
            "http://www.openwall.com/lists/oss-security/2026/04/08/9",
            "http://www.openwall.com/lists/oss-security/2026/04/09/5",
            "http://www.openwall.com/lists/oss-security/2026/04/09/6"
          ],
          "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 7,
                "exploitabilityScore": 1.1,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4878",
              "epss": 0.00004,
              "percentile": 0.0017,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4878",
              "cwe": "CWE-367",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "libcap2",
              "version": "1:2.66-4+deb12u2"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4878",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a55e64e0eb914b2a",
        "name": "libcap2",
        "version": "1:2.66-4+deb12u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcap2",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcap2:libcap2:1\\:2.66-4\\+deb12u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcap2@1%3A2.66-4%2Bdeb12u2?arch=amd64&distro=debian-12",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2022-27943",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2022-27943",
            "epss": 0.0005,
            "percentile": 0.15344,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2022-27943",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0025
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2022-27943",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995"
          ],
          "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2022-27943",
              "epss": 0.0005,
              "percentile": 0.15344,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2022-27943",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "gcc-12",
              "version": "12.2.0-14+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2022-27943",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "0a534483a88e1e33",
        "name": "gcc-12-base",
        "version": "12.2.0-14+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/gcc-12-base",
            "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a",
            "accessPath": "/var/lib/dpkg/status.d/gcc-12-base",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/gcc-12-base/copyright",
            "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a",
            "accessPath": "/usr/share/doc/gcc-12-base/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums",
            "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a",
            "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Artistic",
          "GFDL-1.2",
          "GPL",
          "GPL-2",
          "GPL-3",
          "LGPL"
        ],
        "cpes": [
          "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12",
        "upstreams": [
          {
            "name": "gcc-12"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2022-27943",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2022-27943",
            "epss": 0.0005,
            "percentile": 0.15344,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2022-27943",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0025
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2022-27943",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995"
          ],
          "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2022-27943",
              "epss": 0.0005,
              "percentile": 0.15344,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2022-27943",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "gcc-12",
              "version": "12.2.0-14+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2022-27943",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d36a882b8a3ded0b",
        "name": "libatomic1",
        "version": "12.2.0-14+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libatomic1",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libatomic1",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12",
        "upstreams": [
          {
            "name": "gcc-12"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2022-27943",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2022-27943",
            "epss": 0.0005,
            "percentile": 0.15344,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2022-27943",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0025
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2022-27943",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995"
          ],
          "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2022-27943",
              "epss": 0.0005,
              "percentile": 0.15344,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2022-27943",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "gcc-12",
              "version": "12.2.0-14+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2022-27943",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "74f0cf86f14f0675",
        "name": "libgcc-s1",
        "version": "12.2.0-14+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgcc-s1",
            "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9",
            "accessPath": "/var/lib/dpkg/status.d/libgcc-s1",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/gcc-12-base/copyright",
            "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a",
            "accessPath": "/usr/share/doc/libgcc-s1/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums",
            "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9",
            "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Artistic",
          "GFDL-1.2",
          "GPL",
          "GPL-2",
          "GPL-3",
          "LGPL"
        ],
        "cpes": [
          "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12",
        "upstreams": [
          {
            "name": "gcc-12"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2022-27943",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2022-27943",
            "epss": 0.0005,
            "percentile": 0.15344,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2022-27943",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0025
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2022-27943",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995"
          ],
          "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2022-27943",
              "epss": 0.0005,
              "percentile": 0.15344,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2022-27943",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "gcc-12",
              "version": "12.2.0-14+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2022-27943",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "cd7473971e9d06dd",
        "name": "libgomp1",
        "version": "12.2.0-14+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgomp1",
            "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652",
            "accessPath": "/var/lib/dpkg/status.d/libgomp1",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libgomp1.md5sums",
            "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652",
            "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/usr/share/doc/gcc-12-base/copyright",
            "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a",
            "accessPath": "/usr/share/doc/libgomp1/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Artistic",
          "GFDL-1.2",
          "GPL",
          "GPL-2",
          "GPL-3",
          "LGPL"
        ],
        "cpes": [
          "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12",
        "upstreams": [
          {
            "name": "gcc-12"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2022-27943",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2022-27943",
            "epss": 0.0005,
            "percentile": 0.15344,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2022-27943",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0025
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2022-27943",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995"
          ],
          "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2022-27943",
              "epss": 0.0005,
              "percentile": 0.15344,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2022-27943",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "gcc-12",
              "version": "12.2.0-14+deb12u1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2022-27943",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "9a37debf0d05047e",
        "name": "libstdc++6",
        "version": "12.2.0-14+deb12u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libstdc++6",
            "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c",
            "accessPath": "/var/lib/dpkg/status.d/libstdc++6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums",
            "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c",
            "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/usr/share/doc/gcc-12-base/copyright",
            "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a",
            "accessPath": "/usr/share/doc/libstdc++6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Artistic",
          "GFDL-1.2",
          "GPL",
          "GPL-2",
          "GPL-3",
          "LGPL"
        ],
        "cpes": [
          "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12",
        "upstreams": [
          {
            "name": "gcc-12"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2013-4392",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2013-4392",
            "epss": 0.00042,
            "percentile": 0.12677,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0021000000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2013-4392",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357",
            "http://www.openwall.com/lists/oss-security/2013/10/01/9",
            "https://bugzilla.redhat.com/show_bug.cgi?id=859060"
          ],
          "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 3.4,
                "impactScore": 5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 1.4,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2013-4392",
              "epss": 0.00042,
              "percentile": 0.12677,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2013-4392",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "a48fdf88485dfed0",
        "name": "libsystemd0",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2013-4392",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2013-4392",
            "epss": 0.00042,
            "percentile": 0.12677,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0021000000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2013-4392",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357",
            "http://www.openwall.com/lists/oss-security/2013/10/01/9",
            "https://bugzilla.redhat.com/show_bug.cgi?id=859060"
          ],
          "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 3.4,
                "impactScore": 5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 1.4,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2013-4392",
              "epss": 0.00042,
              "percentile": 0.12677,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "systemd",
              "version": "254.26-1~bpo12+1"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2013-4392",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "fbdf5e39d3c6b8fd",
        "name": "systemd",
        "version": "254.26-1~bpo12+1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15079",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15079",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-15079",
            "epss": 0.00035,
            "percentile": 0.10291,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15079",
            "cwe": "CWE-297",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0017500000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15079",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-15079.html",
            "https://curl.se/docs/CVE-2025-15079.json",
            "https://hackerone.com/reports/3477116",
            "http://www.openwall.com/lists/oss-security/2026/01/07/6"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15079",
              "epss": 0.00035,
              "percentile": 0.10291,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15079",
              "cwe": "CWE-297",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15079",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-10966",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.  This prevents curl from detecting MITM attackers and more.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-10966",
            "epss": 0.00026,
            "percentile": 0.07109,
            "date": "2026-04-27"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0013
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-10966",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-10966.html",
            "https://curl.se/docs/CVE-2025-10966.json",
            "https://hackerone.com/reports/3355218",
            "http://www.openwall.com/lists/oss-security/2025/11/05/2",
            "https://github.com/curl/curl/commit/b011e3fcfb06d6c0278595ee2ee297036fbe9793"
          ],
          "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 2.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-10966",
              "epss": 0.00026,
              "percentile": 0.07109,
              "date": "2026-04-27"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-10966",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-22185",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22185",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2026-22185",
            "epss": 0.00021,
            "percentile": 0.05794,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-22185",
            "cwe": "CWE-125",
            "source": "disclosure@vulncheck.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-22185",
            "cwe": "CWE-191",
            "source": "disclosure@vulncheck.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0010500000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-22185",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://bugs.openldap.org/show_bug.cgi?id=10421",
            "https://seclists.org/fulldisclosure/2026/Jan/5",
            "https://seclists.org/fulldisclosure/2026/Jan/8",
            "https://www.openldap.org/",
            "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline"
          ],
          "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.",
          "cvss": [
            {
              "source": "disclosure@vulncheck.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-22185",
              "epss": 0.00021,
              "percentile": 0.05794,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-22185",
              "cwe": "CWE-125",
              "source": "disclosure@vulncheck.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-22185",
              "cwe": "CWE-191",
              "source": "disclosure@vulncheck.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "openldap",
              "version": "2.5.13+dfsg-5"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-22185",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "919a44d8cbaa32e2",
        "name": "libldap-2.5-0",
        "version": "2.5.13+dfsg-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14017",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017",
        "namespace": "debian:distro:debian:12",
        "severity": "Negligible",
        "urls": [],
        "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers.  Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-14017",
            "epss": 0.00007,
            "percentile": 0.0062,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14017",
            "cwe": "NVD-CWE-Other",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00035
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14017",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14017.html",
            "https://curl.se/docs/CVE-2025-14017.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/3"
          ],
          "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 1.1,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14017",
              "epss": 0.00007,
              "percentile": 0.0062,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14017",
              "cwe": "NVD-CWE-Other",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "12"
            },
            "package": {
              "name": "curl",
              "version": "7.88.1-10+deb12u14"
            },
            "namespace": "debian:distro:debian:12"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14017",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "7b756a4c6b6cb784",
        "name": "libcurl4",
        "version": "7.88.1-10+deb12u14",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4",
            "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    }
  ],
  "source": {
    "type": "image",
    "target": {
      "userInput": "ghcr.io/fluent/fluent-bit:4.0.13",
      "imageID": "sha256:fc8f3843dcd56ee92b5567c6e336d164277953bc4e7aeb1f874d5f2af314fa0a",
      "manifestDigest": "sha256:09a660088fbc83c6cce0122e37847c63f6def1877f76986ea8196ee36700a6fc",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "tags": [
        "ghcr.io/fluent/fluent-bit:4.0.13"
      ],
      "imageSize": 105574252,
      "layers": [
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:bff7f7a9d44356d8784500366094c66399aa6a2edd990cc70e02e27c84402753",
          "size": 270695
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba",
          "size": 22888
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:4840c7c54023c867f19564429c89ddae4e9589c83dce82492183a7e9f7dab1fa",
          "size": 1464662
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:114dde0fefebbca13165d0da9c500a66190e497a82a53dcaabc3172d630be1e9",
          "size": 82129
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc",
          "size": 149
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b",
          "size": 64
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849",
          "size": 497
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3",
          "size": 346
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:bfe9137a1b044e8097cdfcb6899137a8a984ed70931ed1e8ef0cf7e023a139fc",
          "size": 235531
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe",
          "size": 12825148
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9",
          "size": 5901135
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652",
          "size": 291001
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c",
          "size": 2311333
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9",
          "size": 126113
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a",
          "size": 94016
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551",
          "size": 16642538
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:5d1b0aa52221617313bea5fd19d2291dfc09f662ad866d5f87c658e57a30101d",
          "size": 217681
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:f9725a4843d8177ab79ad0290db93000cfd21f404e0950ca2df8f77bc8a8e398",
          "size": 65088326
        }
      ],
      "manifest": "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",
      "config": "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",
      "repoDigests": [
        "ghcr.io/fluent/fluent-bit@sha256:2c2d19b881b17ad3ee2e5dd75302b799151d2106f191e2652a479018a743d6e1"
      ],
      "architecture": "amd64",
      "os": "linux",
      "labels": {
        "author": "Eduardo Silva <eduardo.silva@chronosphere.io>",
        "description": "Fluent Bit multi-architecture container image",
        "org.opencontainers.image.authors": "Eduardo Silva <eduardo.silva@chronosphere.io>",
        "org.opencontainers.image.description": "Fluent Bit container image",
        "org.opencontainers.image.documentation": "https://docs.fluentbit.io/",
        "org.opencontainers.image.licenses": "Apache-2.0",
        "org.opencontainers.image.source": "https://github.com/fluent/fluent-bit",
        "org.opencontainers.image.title": "Fluent Bit",
        "org.opencontainers.image.vendor": "Fluent Organization",
        "org.opencontainers.image.version": "4.0.13",
        "vendor": "Fluent Organization",
        "version": "4.0.13"
      }
    }
  },
  "distro": {
    "name": "debian",
    "version": "12",
    "idLike": []
  },
  "descriptor": {
    "name": "grype",
    "version": "0.111.1",
    "configuration": {
      "output": [
        "json"
      ],
      "file": "security/oss/grype-4.0.13.json",
      "pretty": true,
      "distro": "",
      "add-cpes-if-none": false,
      "output-template-file": "",
      "check-for-app-update": true,
      "only-fixed": false,
      "only-notfixed": false,
      "ignore-wontfix": "",
      "platform": "",
      "search": {
        "scope": "squashed",
        "unindexed-archives": false,
        "indexed-archives": true
      },
      "ignore": [
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "kernel-headers",
            "version": "",
            "language": "",
            "type": "rpm",
            "location": "",
            "upstream-name": "kernel"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        },
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "linux(-.*)?-headers-.*",
            "version": "",
            "language": "",
            "type": "deb",
            "location": "",
            "upstream-name": "linux.*"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        },
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "linux-libc-dev",
            "version": "",
            "language": "",
            "type": "deb",
            "location": "",
            "upstream-name": "linux"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        }
      ],
      "exclude": [],
      "externalSources": {
        "enable": false,
        "maven": {
          "searchUpstreamBySha1": true,
          "baseUrl": "https://search.maven.org/solrsearch/select",
          "rateLimit": 300000000
        }
      },
      "match": {
        "java": {
          "using-cpes": false
        },
        "jvm": {
          "using-cpes": true
        },
        "dotnet": {
          "using-cpes": false
        },
        "golang": {
          "using-cpes": false,
          "always-use-cpe-for-stdlib": true,
          "allow-main-module-pseudo-version-comparison": false
        },
        "javascript": {
          "using-cpes": false
        },
        "python": {
          "using-cpes": false
        },
        "ruby": {
          "using-cpes": false
        },
        "rust": {
          "using-cpes": false
        },
        "hex": {
          "using-cpes": false
        },
        "stock": {
          "using-cpes": true
        },
        "dpkg": {
          "using-cpes": false,
          "missing-epoch-strategy": "zero",
          "use-cpes-for-eol": false
        },
        "rpm": {
          "using-cpes": false,
          "missing-epoch-strategy": "auto",
          "use-cpes-for-eol": false
        }
      },
      "fail-on-severity": "",
      "registry": {
        "insecure-skip-tls-verify": false,
        "insecure-use-http": false,
        "ca-cert": ""
      },
      "show-suppressed": false,
      "by-cve": false,
      "SortBy": {
        "sort-by": "risk"
      },
      "name": "",
      "default-image-pull-source": "",
      "from": null,
      "vex-documents": [],
      "vex-add": [],
      "match-upstream-kernel-headers": false,
      "fix-channel": {
        "redhat-eus": {
          "apply": "auto",
          "versions": ">= 8.0"
        }
      },
      "timestamp": false,
      "alerts": {
        "enable-eol-distro-warnings": true
      },
      "db": {
        "cache-dir": ".cache/grype/db",
        "update-url": "https://grype.anchore.io/databases",
        "ca-cert": "",
        "auto-update": true,
        "validate-by-hash-on-start": true,
        "validate-age": true,
        "max-allowed-built-age": 432000000000000,
        "require-update-check": false,
        "update-available-timeout": 30000000000,
        "update-download-timeout": 300000000000,
        "max-update-check-frequency": 7200000000000
      },
      "exp": {},
      "dev": {
        "db": {
          "debug": false
        }
      }
    },
    "db": {
      "status": {
        "schemaVersion": "v6.1.4",
        "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-04-27T08:59:18Z_1777360662.tar.zst?checksum=sha256%3A0a48647b7ac49772836147a2e1eedb50e3c966ac4544e5cf518a8a68f0212781",
        "built": "2026-04-28T07:17:42Z",
        "path": ".cache/grype/db/6/vulnerability.db",
        "valid": true
      },
      "providers": {
        "alma": {
          "captured": "2026-04-28T00:44:16Z",
          "input": "xxh64:1b46f6f1ee9783b6"
        },
        "alpine": {
          "captured": "2026-04-28T00:44:31Z",
          "input": "xxh64:e7e6b44920a79618"
        },
        "amazon": {
          "captured": "2026-04-28T00:44:29Z",
          "input": "xxh64:d7af2299a168043e"
        },
        "arch": {
          "captured": "2026-04-28T00:44:23Z",
          "input": "xxh64:b477def28ae2ac9a"
        },
        "bitnami": {
          "captured": "2026-04-28T00:44:23Z",
          "input": "xxh64:bf825eb216550847"
        },
        "chainguard": {
          "captured": "2026-04-28T00:44:28Z",
          "input": "xxh64:c1948cf75cf09b8b"
        },
        "chainguard-libraries": {
          "captured": "2026-04-28T00:44:27Z",
          "input": "xxh64:fd0f7aa3082d6474"
        },
        "debian": {
          "captured": "2026-04-28T00:44:31Z",
          "input": "xxh64:4a7fabd5a110a725"
        },
        "echo": {
          "captured": "2026-04-28T00:44:25Z",
          "input": "xxh64:1b6382ce8ce1e22a"
        },
        "eol": {
          "captured": "2026-04-28T00:44:25Z",
          "input": "xxh64:b7a4b43a6a52ac24"
        },
        "epss": {
          "captured": "2026-04-28T00:44:32Z",
          "input": "xxh64:ae1b1638ba052826"
        },
        "fedora": {
          "captured": "2026-04-28T00:44:28Z",
          "input": "xxh64:e1a96127d44681d2"
        },
        "github": {
          "captured": "2026-04-28T00:44:18Z",
          "input": "xxh64:6653f4759bc9281c"
        },
        "hummingbird": {
          "captured": "2026-04-28T00:44:30Z",
          "input": "xxh64:032936e8aac13dbe"
        },
        "kev": {
          "captured": "2026-04-28T00:44:14Z",
          "input": "xxh64:101e117c2b00eee3"
        },
        "mariner": {
          "captured": "2026-04-28T00:44:22Z",
          "input": "xxh64:b85c25c624bac779"
        },
        "minimos": {
          "captured": "2026-04-28T00:44:20Z",
          "input": "xxh64:1f84cd7f40d31860"
        },
        "nvd": {
          "captured": "2026-04-28T00:44:31Z",
          "input": "xxh64:316bdc9ed5aca652"
        },
        "oracle": {
          "captured": "2026-04-28T00:44:16Z",
          "input": "xxh64:8ba7df6278dab7ac"
        },
        "photon": {
          "captured": "2026-04-28T00:44:19Z",
          "input": "xxh64:abce0747dda045c3"
        },
        "rhel": {
          "captured": "2026-04-28T00:44:58Z",
          "input": "xxh64:e23a0c7aa22bee56"
        },
        "secureos": {
          "captured": "2026-04-28T00:44:24Z",
          "input": "xxh64:666df02c7462c081"
        },
        "sles": {
          "captured": "2026-04-28T00:44:09Z",
          "input": "xxh64:ae9d6b81358bc27d"
        },
        "ubuntu": {
          "captured": "2026-04-27T08:59:18Z",
          "input": "xxh64:17f8dd2bb345319a"
        },
        "wolfi": {
          "captured": "2026-04-28T00:44:26Z",
          "input": "xxh64:21a164b2f36d51b0"
        }
      }
    }
  }
}
