4ae97a8a73
* fixes change in protecode for cvss from float to string * Fixes protecode json files with new string format for cvss Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
{"meta": {"code": 200}, "results": {"components": [{"extended-objects": [{"confidence": 1.0, "sha1": "6760d4578f89646425fa0cb8e519896eca8c69da", "name": "libacl.so.1.1.0", "timestamp": 1369299888, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libacl.so.1.1.0"], "type": "native"}], "objects": ["libacl.so.1.1.0"], "version": "2.2.52-1", "lib": "acl", "distro_version": "2.2.52-1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2009-4411", "summary": "The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.", "cvss": "3.7", "published": "2009-12-24T16:30:00", "modified": "2017-08-17T01:31:34", "published-epoch": "1261672200", "modified-epoch": "1502933494", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-12-25T11:27:00", "cvss_created-epoch": "1261740420", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["acl"], "short_version": "2.2.52-1", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9620493358633776, "sha1": "b3bad620d363c6ca832559c0d6de51037a1608b8", "name": "libapt-pkg.so.4.12.0", "timestamp": 1426638505, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": 
["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12.0"], "type": "native"}], "objects": ["libapt-pkg.so.4.12.0"], "version": "1.0.1ubuntu2.7", "lib": "apt", "distro_version": "1.0.1ubuntu2.7", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 16, "exact": 0, "historical": 16}, "vulns": [{"vuln": {"cve": "CVE-2014-0478", "summary": "APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.", "cvss": "4.0", "published": "2014-06-17T14:55:06", "modified": "2017-12-22T02:29:12", "published-epoch": "1403016906", "modified-epoch": "1513909752", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-06-17T11:39:17", "cvss_created-epoch": "1403005157", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-0487", "summary": "APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.", "cvss": "7.5", "published": "2014-11-03T22:55:07", "modified": "2014-11-04T22:13:31", "published-epoch": "1415055307", "modified-epoch": "1415139211", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2014-11-04T12:50:38", "cvss_created-epoch": "1415105438", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-0488", "summary": "APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.", "cvss": "6.8", "published": "2014-11-03T22:55:07", "modified": "2014-11-04T22:12:14", "published-epoch": "1415055307", "modified-epoch": "1415139134", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-11-04T12:52:07", "cvss_created-epoch": "1415105527", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-0489", "summary": "APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.", "cvss": "7.5", "published": "2014-11-03T22:55:07", "modified": "2014-11-04T22:10:47", "published-epoch": "1415055307", "modified-epoch": "1415139047", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2014-11-04T17:54:14", "cvss_created-epoch": "1415123654", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-0490", "summary": "The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.", "cvss": "7.5", "published": "2014-11-03T22:55:07", "modified": "2014-11-04T21:32:49", "published-epoch": "1415055307", "modified-epoch": "1415136769", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-11-04T19:33:13", "cvss_created-epoch": "1415129593", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-7206", "summary": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.", "cvss": "3.6", "published": "2014-10-15T14:55:09", "modified": "2017-09-08T01:29:15", "published-epoch": "1413384909", "modified-epoch": "1504834155", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-10-22T15:40:21", 
"cvss_created-epoch": "1413992421", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2012-0961", "summary": "Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.", "cvss": "2.1", "published": "2012-12-26T22:55:02", "modified": "2012-12-31T05:00:00", "published-epoch": "1356562502", "modified-epoch": "1356930000", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-12-27T17:51:00", "cvss_created-epoch": "1356630660", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1358", "summary": "apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.", "cvss": "10.0", "published": "2009-04-21T23:30:00", "modified": "2017-08-17T01:30:18", "published-epoch": "1240356600", "modified-epoch": "1502933418", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-04-22T12:14:00", "cvss_created-epoch": "1240402440", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-6273", "summary": "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.", "cvss": "6.8", "published": "2014-09-30T14:55:11", "modified": "2017-09-08T01:29:13", "published-epoch": "1412088911", "modified-epoch": "1504834153", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-10-02T00:25:37", "cvss_created-epoch": "1412209537", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1829", "summary": "APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.", "cvss": "4.3", "published": "2011-07-27T02:55:01", "modified": "2017-08-17T01:34:26", "published-epoch": "1311735301", "modified-epoch": "1502933666", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-07-27T13:40:00", "cvss_created-epoch": "1311774000", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1051", "summary": "apt 0.8.16, 0.9.7, and 
possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.", "cvss": "4.3", "published": "2013-03-21T17:55:01", "modified": "2013-03-22T14:31:30", "published-epoch": "1363888501", "modified-epoch": "1363962690", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-03-22T14:27:00", "cvss_created-epoch": "1363962420", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-3634", "summary": "methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.", "cvss": "2.6", "published": "2014-03-01T00:55:04", "modified": "2014-03-03T15:41:05", "published-epoch": "1393635304", "modified-epoch": "1393861265", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-03-03T15:41:05", "cvss_created-epoch": "1393861265", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0954", "summary": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered 
packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.", "cvss": "2.6", "published": "2012-06-19T20:55:05", "modified": "2012-06-26T04:00:00", "published-epoch": "1340139305", "modified-epoch": "1340683200", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-06-20T14:22:00", "cvss_created-epoch": "1340202120", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-3587", "summary": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.", "cvss": "2.6", "published": "2012-06-19T20:55:08", "modified": "2012-06-26T04:00:00", "published-epoch": "1340139308", "modified-epoch": "1340683200", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-06-20T14:36:00", "cvss_created-epoch": "1340202960", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1300", "summary": "apt 0.7.20 does not check when the date command returns an \"invalid date\" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.", "cvss": "10.0", "published": "2009-04-16T15:12:57", "modified": "2009-05-19T05:34:51", "published-epoch": "1239894777", 
"modified-epoch": "1242711291", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-04-16T16:11:00", "cvss_created-epoch": "1239898260", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-1252", "summary": "The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.", "cvss": "4.3", "published": "2017-12-05T16:29:00", "modified": "2017-12-20T20:44:36", "published-epoch": "1512491340", "modified-epoch": "1513802676", "cwe": "CWE-417", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-18T19:09:42", "cvss_created-epoch": "1513624182", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "5.9"}, "exact": false}], "tags": ["system"], "short_version": "1.0.1ubuntu2.7", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "apt", "language": "C/C++", "id": 598, "homepage_url": "", "details": {"loc": 94862, "defect_density": {"comparison": 0.35, "over_time": [null], "score": 1.74, "verdict": "high", "loc_range": "less than 100,000"}, "build_date": "2013-07-24", "project_url": 
"https://scan.coverity.com/projects/apt", "version": "master", "cwe": [{"name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "defect_count": 1, "id": 120, "rank": 3, "uri": "http://cwe.mitre.org/top25/#CWE-120"}, {"name": "Integer Overflow or Wraparound", "defect_count": 1, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}]}, "repo_url": "git://git.debian.org/git/apt.git", "slug": "apt", "mapped-name": "apt"}}, {"extended-objects": [{"confidence": 1.0, "sha1": "b97f363ce2399d970817143d5fa5a05fecced3c0", "name": "libattr.so.1.1.0", "timestamp": 1397058685, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libattr.so.1.1.0"], "type": "native"}], "objects": ["libattr.so.1.1.0"], "version": "2.4.47-1ubuntu1", "lib": "attr", "distro_version": "2.4.47-1ubuntu1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": [], "short_version": "2.4.47-1ubuntu1", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "fa8d1568c69eeec16e016f1ef2fb1a8d0ecce674", "name": "libaudit.so.1.0.0", "timestamp": 1386172122, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libaudit.so.1.0.0"], "type": "native"}], "objects": ["libaudit.so.1.0.0"], "version": "2.3.2-2ubuntu1", "lib": "audit", "distro_version": "2.3.2-2ubuntu1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 6, "exact": 0, "historical": 6}, "vulns": [{"vuln": {"cve": "CVE-2008-1628", "summary": "Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 
might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.", "cvss": "4.1", "published": "2008-04-02T17:44:00", "modified": "2017-08-08T01:30:18", "published-epoch": "1207158240", "modified-epoch": "1502155818", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-04-02T19:47:00", "cvss_created-epoch": "1207165620", "cvss2_vector": "AV:L/AC:M/Au:S:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2007-4152", "summary": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit.", "cvss": "9.3", "published": "2007-08-03T20:17:00", "modified": "2008-11-15T06:55:47", "published-epoch": "1186172220", "modified-epoch": "1226732147", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-08-06T15:06:00", "cvss_created-epoch": "1186412760", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2007-4148", "summary": "Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a 
\"LOG.\" command.", "cvss": "10.0", "published": "2007-08-03T20:17:00", "modified": "2008-11-15T06:55:46", "published-epoch": "1186172220", "modified-epoch": "1226732146", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-08-06T14:51:00", "cvss_created-epoch": "1186411860", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2007-4150", "summary": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.", "cvss": "10.0", "published": "2007-08-03T20:17:00", "modified": "2008-11-15T06:55:47", "published-epoch": "1186172220", "modified-epoch": "1226732147", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-08-06T14:59:00", "cvss_created-epoch": "1186412340", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2007-4149", "summary": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the \"LOG.\" command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to 
overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.", "cvss": "10.0", "published": "2007-08-03T20:17:00", "modified": "2012-11-06T03:44:33", "published-epoch": "1186172220", "modified-epoch": "1352173473", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-08-06T14:55:00", "cvss_created-epoch": "1186412100", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2007-4151", "summary": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner.", "cvss": "4.3", "published": "2007-08-03T20:17:00", "modified": "2008-11-15T06:55:47", "published-epoch": "1186172220", "modified-epoch": "1226732147", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-08-06T15:05:00", "cvss_created-epoch": "1186412700", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["monitor", "security"], "short_version": "2.3.2-2ubuntu1", 
"latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.996742671009772, "sha1": "8e3aa19fdc42e87659746f6dc8ea3af74ab30362", "name": "bash", "timestamp": 1412709732, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/bash"], "type": "native"}], "objects": ["bash"], "version": "4.3-7ubuntu1.5", "lib": "bash", "distro_version": "4.3-7ubuntu1.5", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:bash:4.3-7ubuntu1.5"], "latest_version": "4.4.19", "vuln-count": {"total": 14, "exact": 2, "historical": 12}, "vulns": [{"vuln": {"cve": "CVE-2016-0634", "summary": "The expansion of '\\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.", "cvss": "6.0", "published": "2017-08-28T15:29:01", "modified": "2018-01-05T02:30:27", "published-epoch": "1503934141", "modified-epoch": "1515119427", "cwe": "CWE-78", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-08T14:23:15", "cvss_created-epoch": "1504880595", "cvss2_vector": "AV:N/AC:M/Au:S:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 258, "vuln_id": "CVE-2016-0634", "component": "bash", "vendor": null, "codetype": "NA", "version": "4.3-7ubuntu1.5", "modified": "2018-03-22T23:19:37.606669", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, 
{"vuln": {"cve": "CVE-2014-6271", "summary": "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\" NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.", "cvss": "10.0", "published": "2014-09-24T18:48:04", "modified": "2017-10-05T01:29:02", "published-epoch": "1411584484", "modified-epoch": "1507166942", "cwe": "CWE-78", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-24T16:25:52", "cvss_created-epoch": "1466785552", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-6277", "summary": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by 
unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.", "cvss": "10.0", "published": "2014-09-27T22:55:02", "modified": "2017-01-03T02:59:08", "published-epoch": "1411858502", "modified-epoch": "1483412348", "cwe": "CWE-78", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T17:25:56", "cvss_created-epoch": "1467134756", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-6278", "summary": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.", "cvss": "10.0", "published": "2014-09-30T10:55:04", "modified": "2017-09-08T01:29:13", "published-epoch": "1412074504", "modified-epoch": "1504834153", "cwe": "CWE-78", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-09-30T18:28:11", "cvss_created-epoch": "1412101691", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-7169", "summary": "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.", "cvss": "10.0", "published": "2014-09-25T01:55:04", "modified": "2017-10-05T01:29:03", "published-epoch": "1411610104", "modified-epoch": "1507166943", "cwe": "CWE-78", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-09-25T13:10:14", "cvss_created-epoch": "1411650614", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-7186", "summary": "The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the \"redir_stack\" issue.", "cvss": "10.0", "published": "2014-09-28T19:55:06", "modified": "2017-01-03T02:59:11", "published-epoch": "1411934106", "modified-epoch": "1483412351", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T17:25:55", "cvss_created-epoch": "1467134755", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-7187", "summary": 
"Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the \"word_lineno\" issue.", "cvss": "10.0", "published": "2014-09-28T19:55:06", "modified": "2017-01-03T02:59:12", "published-epoch": "1411934106", "modified-epoch": "1483412352", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T17:25:55", "cvss_created-epoch": "1467134755", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-7543", "summary": "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.", "cvss": "7.2", "published": "2017-01-19T20:59:00", "modified": "2018-01-05T02:31:15", "published-epoch": "1484859540", "modified-epoch": "1515119475", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-20T15:48:43", "cvss_created-epoch": "1484927323", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.4"}, "exact": true, "triage": [{"id": 255, "vuln_id": "CVE-2016-7543", "component": "bash", "vendor": null, "codetype": "NA", 
"version": "4.3-7ubuntu1.5", "modified": "2018-03-22T23:19:37.578815", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2012-3410", "summary": "Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.", "cvss": "4.6", "published": "2012-08-27T23:55:01", "modified": "2017-08-29T01:31:55", "published-epoch": "1346111701", "modified-epoch": "1503970315", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-08-28T16:22:00", "cvss_created-epoch": "1346170920", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-9401", "summary": "popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.", "cvss": "2.1", "published": "2017-01-23T21:59:02", "modified": "2018-01-05T02:31:21", "published-epoch": "1485208742", "modified-epoch": "1515119481", "cwe": "CWE-416", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-26T04:13:52", "cvss_created-epoch": "1485404032", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "5.5"}, "exact": false}, {"vuln": {"cve": "CVE-2017-5932", 
"summary": "The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a \" (double quote) character and a command substitution metacharacter.", "cvss": "4.6", "published": "2017-03-27T15:59:00", "modified": "2017-03-31T11:24:11", "published-epoch": "1490630340", "modified-epoch": "1490959451", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-31T00:05:45", "cvss_created-epoch": "1490918745", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0002", "summary": "The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.", "cvss": "2.1", "published": "2010-01-14T18:30:00", "modified": "2011-08-08T04:00:00", "published-epoch": "1263493800", "modified-epoch": "1312776000", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-01-15T14:31:00", "cvss_created-epoch": "1263565860", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-0491", "summary": "The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.", "cvss": "4.6", "published": 
"1999-04-20T04:00:00", "modified": "2014-12-31T15:18:18", "published-epoch": "924580800", "modified-epoch": "1420039098", "cwe": "CWE-94", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-12-31T15:09:30", "cvss_created-epoch": "1420038570", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-1383", "summary": "(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \\w option in the PS1 variable.", "cvss": "4.6", "published": "1996-09-13T04:00:00", "modified": "2016-10-18T02:03:52", "published-epoch": "842587200", "modified-epoch": "1476756232", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["shell"], "homepage": "https://www.gnu.org/software/bash/", "upstream-source": "https://ftp.gnu.org/gnu/bash/bash-4.4.tar.gz", "latest-version": "4.4.19", "short_version": "4.3-7ubuntu1.5", "latest_cmp": false, "url": "https://ftp.gnu.org/gnu/bash/bash-4.4.tar.gz", "codetype": "Native", "coverity_scan": {"name": "bash", "language": "C/C++", "id": 1932, "homepage_url": "http://tiswww.cwru.edu/~chet/bash/bashtop.html", "details": {"loc": 137404, "defect_density": 
{"comparison": 0.5, "over_time": [null], "score": 0.82, "verdict": "high", "loc_range": "100,000 to 499,999"}, "build_date": "2014-04-18", "project_url": "https://scan.coverity.com/projects/bash", "version": "bash-20140418", "cwe": [{"name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "defect_count": 3, "id": 120, "rank": 3, "uri": "http://cwe.mitre.org/top25/#CWE-120"}]}, "repo_url": "http://git.savannah.gnu.org/cgit/bash.git/log/?h=devel", "slug": "bash", "mapped-name": "bash"}}, {"extended-objects": [{"confidence": 0.633737965676015, "sha1": "0e11925ad9d1999d1b02ff90bc20d8e29ebed062", "name": "libdb-5.3.so", "timestamp": 1396915621, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libdb-5.3.so"], "type": "native"}], "objects": ["libdb-5.3.so"], "version": "5.3.28-3ubuntu3", "lib": "berkeleydb", "distro_version": "5.3.28-3ubuntu3", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 19, "exact": 5, "historical": 14}, "vulns": [{"vuln": {"cve": "CVE-2016-0682", "summary": "Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418.", "cvss": "6.9", "published": "2016-04-21T10:59:43", "modified": "2016-04-27T15:55:17", "published-epoch": "1461236383", "modified-epoch": "1461772517", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-22T16:40:58", 
"cvss_created-epoch": "1461343258", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 278, "vuln_id": "CVE-2016-0682", "component": "berkeleydb", "vendor": null, "codetype": "NA", "version": "5.3.28-3ubuntu3", "modified": "2018-03-22T23:20:42.946913", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-0689", "summary": "Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418.", "cvss": "6.9", "published": "2016-04-21T10:59:49", "modified": "2016-04-27T18:01:47", "published-epoch": "1461236389", "modified-epoch": "1461780107", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-22T17:14:38", "cvss_created-epoch": "1461345278", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 275, "vuln_id": "CVE-2016-0689", "component": "berkeleydb", "vendor": null, "codetype": "NA", "version": "5.3.28-3ubuntu3", "modified": "2018-03-22T23:20:42.923331", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": 
"CVE-2016-0692", "summary": "Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0694, and CVE-2016-3418.", "cvss": "6.9", "published": "2016-04-21T10:59:52", "modified": "2016-04-27T16:44:58", "published-epoch": "1461236392", "modified-epoch": "1461775498", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-22T17:25:42", "cvss_created-epoch": "1461345942", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 272, "vuln_id": "CVE-2016-0692", "component": "berkeleydb", "vendor": null, "codetype": "NA", "version": "5.3.28-3ubuntu3", "modified": "2018-03-22T23:20:42.900591", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-0694", "summary": "Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-3418.", "cvss": "6.9", "published": "2016-04-21T10:59:54", "modified": "2016-04-27T17:54:56", "published-epoch": "1461236394", "modified-epoch": "1461779696", "cwe": null, "cvss_access_vector": "LOCAL", 
"cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-22T17:32:02", "cvss_created-epoch": "1461346322", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 269, "vuln_id": "CVE-2016-0694", "component": "berkeleydb", "vendor": null, "codetype": "NA", "version": "5.3.28-3ubuntu3", "modified": "2018-03-22T23:20:42.876022", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-3418", "summary": "Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-0694.", "cvss": "6.9", "published": "2016-04-21T11:00:13", "modified": "2016-04-26T23:50:07", "published-epoch": "1461236413", "modified-epoch": "1461714607", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-23T01:52:54", "cvss_created-epoch": "1461376374", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 266, "vuln_id": "CVE-2016-3418", "component": "berkeleydb", "vendor": null, "codetype": "NA", "version": "5.3.28-3ubuntu3", 
"modified": "2018-03-22T23:20:42.853519", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-3612", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:38:48", "published-epoch": "1493063946", "modified-epoch": "1493660328", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:33:10", "cvss_created-epoch": "1493659990", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3614", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. 
CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:56:16", "published-epoch": "1493063946", "modified-epoch": "1493661376", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:40:51", "cvss_created-epoch": "1493660451", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3605", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:32:05", "published-epoch": "1493063946", "modified-epoch": "1493659925", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:30:01", "cvss_created-epoch": "1493659801", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3608", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:39:03", "published-epoch": "1493063946", "modified-epoch": "1493660343", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:30:22", "cvss_created-epoch": "1493659822", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3615", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:56:24", "published-epoch": "1493063946", "modified-epoch": "1493661384", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:44:03", "cvss_created-epoch": "1493660643", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3606", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "4.4", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:09:52", "published-epoch": "1493063946", "modified-epoch": "1493658592", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T16:50:20", "cvss_created-epoch": "1493657420", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3609", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:32:10", "published-epoch": "1493063946", "modified-epoch": "1493659930", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:17:16", "cvss_created-epoch": "1493659036", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3610", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:32:14", "published-epoch": "1493063946", "modified-epoch": "1493659934", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:30:12", "cvss_created-epoch": "1493659812", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3611", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:54:32", "published-epoch": "1493063946", "modified-epoch": "1493661272", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:39:59", "cvss_created-epoch": "1493660399", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3617", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:54:23", "published-epoch": "1493063946", "modified-epoch": "1493661263", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:39:16", "cvss_created-epoch": "1493660356", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3607", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T16:46:44", "published-epoch": "1493063946", "modified-epoch": "1493657204", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T16:26:57", "cvss_created-epoch": "1493656017", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3613", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:56:05", "published-epoch": "1493063946", "modified-epoch": "1493661365", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:41:33", "cvss_created-epoch": "1493660493", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3616", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-01T17:38:36", "published-epoch": "1493063946", "modified-epoch": "1493660316", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-01T17:32:43", "cvss_created-epoch": "1493659963", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3604", "summary": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "cvss": "3.7", "published": "2017-04-24T19:59:06", "modified": "2017-05-02T17:11:06", "published-epoch": "1493063946", "modified-epoch": "1493745066", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-02T16:55:54", "cvss_created-epoch": "1493744154", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}], "tags": ["database"], "homepage": "http://www.oracle.com/technetwork/database/berkeleydb/", "short_version": "5.3.28-3ubuntu3", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.625, "sha1": "9b0a203e09a05ed15ff3e6306c3d89a11d843f99", "name": "libgcrypt.so.11.8.2", "timestamp": 1427374455, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libgcrypt.so.11.8.2"], "type": "native"}, {"confidence": 0.625, "sha1": "87ec76e7dd2b0e32d46710975203f733a506cea6", "name": "libk5crypto.so.3.1", "timestamp": 1423257185, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1"], "type": "native"}, {"confidence": 0.625, "sha1": "379984150b5401afe62bdf980f687a46347230ec", "name": "gpg", "timestamp": 1427460345, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", 
"usr/bin/gpg"], "type": "native"}], "objects": ["libgcrypt.so.11.8.2", "libk5crypto.so.3.1", "gpg"], "version": null, "lib": "bgaes", "distro_version": null, "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["crypto"], "homepage": "https://github.com/traviscross/bgaes", "short_version": "", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.18887530562347188, "sha1": "dc3e621c72cde19593c42a7703e143fd3dad5320", "name": "busybox", "timestamp": 1384464170, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/initramfs-tools/bin/busybox"], "type": "native"}], "objects": ["busybox"], "version": "1.21.0-1ubuntu1", "lib": "busybox", "distro_version": "1.21.0-1ubuntu1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 12, "exact": 5, "historical": 7}, "vulns": [{"vuln": {"cve": "CVE-2016-6301", "summary": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.", "cvss": "7.8", "published": "2016-12-09T20:59:01", "modified": "2017-11-29T15:48:36", "published-epoch": "1481317141", "modified-epoch": "1511970516", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-27T19:40:07", "cvss_created-epoch": "1511811607", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false, "invalidation": 
{"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2011-5325", "summary": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.", "cvss": "5.0", "published": "2017-08-07T17:29:00", "modified": "2017-08-15T16:40:38", "published-epoch": "1502126940", "modified-epoch": "1502815238", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-14T14:35:15", "cvss_created-epoch": "1502721315", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 287, "vuln_id": "CVE-2011-5325", "component": "busybox", "vendor": null, "codetype": "NA", "version": "1.21.0-1ubuntu1", "modified": "2018-03-22T23:20:43.034645", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-9645", "summary": "The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an \"ifconfig /usbserial up\" command or a \"mount -t /snd_pcm none /\" command.", "cvss": "2.1", "published": "2017-03-12T06:59:00", "modified": "2017-07-01T01:29:09", "published-epoch": "1489301940", "modified-epoch": "1498872549", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-13T17:57:13", "cvss_created-epoch": "1489427833", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "5.5"}, "exact": true, "triage": [{"id": 293, "vuln_id": "CVE-2014-9645", "component": "busybox", "vendor": null, "codetype": "NA", "version": "1.21.0-1ubuntu1", "modified": "2018-03-22T23:20:43.075203", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-2147", "summary": "Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.", "cvss": "5.0", "published": "2017-02-09T15:59:00", "modified": "2017-07-01T01:29:37", "published-epoch": "1486655940", "modified-epoch": "1498872577", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-15T03:03:55", "cvss_created-epoch": "1487127835", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 290, "vuln_id": "CVE-2016-2147", "component": "busybox", "vendor": null, "codetype": "NA", "version": "1.21.0-1ubuntu1", "modified": "2018-03-22T23:20:43.053841", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": 
"bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-2148", "summary": "Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.", "cvss": "7.5", "published": "2017-02-09T15:59:00", "modified": "2017-07-01T01:29:37", "published-epoch": "1486655940", "modified-epoch": "1498872577", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-15T03:06:24", "cvss_created-epoch": "1487127984", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 282, "vuln_id": "CVE-2016-2148", "component": "busybox", "vendor": null, "codetype": "NA", "version": "1.21.0-1ubuntu1", "modified": "2018-03-22T23:20:42.994075", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-16544", "summary": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. 
This could potentially result in code execution, arbitrary file writes, or other attacks.", "cvss": "6.5", "published": "2017-11-20T15:29:00", "modified": "2017-12-08T15:42:37", "published-epoch": "1511191740", "modified-epoch": "1512747757", "cwe": "CWE-94", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-06T13:55:21", "cvss_created-epoch": "1512568521", "cvss2_vector": "AV:N/AC:L/Au:S:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": true, "triage": [{"id": 284, "vuln_id": "CVE-2017-16544", "component": "busybox", "vendor": null, "codetype": "NA", "version": "1.21.0-1ubuntu1", "modified": "2018-03-22T23:20:43.015371", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-15873", "summary": "The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.", "cvss": "4.3", "published": "2017-10-24T20:29:00", "modified": "2017-10-31T21:49:10", "published-epoch": "1508876940", "modified-epoch": "1509486550", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-29T23:04:34", "cvss_created-epoch": "1509318274", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": false}, {"vuln": {"cve": "CVE-2017-15874", 
"summary": "archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.", "cvss": "4.3", "published": "2017-10-24T20:29:00", "modified": "2017-10-31T21:48:48", "published-epoch": "1508876940", "modified-epoch": "1509486528", "cwe": "CWE-191", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-29T23:10:36", "cvss_created-epoch": "1509318636", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1813", "summary": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.", "cvss": "7.2", "published": "2013-11-23T11:55:04", "modified": "2016-06-30T15:53:37", "published-epoch": "1385207704", "modified-epoch": "1467302017", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-30T15:11:38", "cvss_created-epoch": "1467299498", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-5050", "summary": "Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded \"%2e%2e/\" sequences in the URI.", "cvss": "5.0", "published": "2006-09-27T23:07:00", "modified": "2008-09-05T21:11:14", "published-epoch": "1159398420", "modified-epoch": "1220649074", "cwe": 
null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-28T18:27:00", "cvss_created-epoch": "1159468020", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2716", "summary": "The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.", "cvss": "6.8", "published": "2012-07-03T16:40:30", "modified": "2016-06-30T15:42:51", "published-epoch": "1341333630", "modified-epoch": "1467301371", "cwe": "CWE-20", "cvss_access_vector": "ADJACENT_NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-30T15:11:11", "cvss_created-epoch": "1467299471", "cvss2_vector": "AV:A/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-1058", "summary": "BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.", "cvss": "2.1", "published": "2006-04-04T10:04:00", "modified": "2017-10-11T01:30:40", "published-epoch": "1144145040", "modified-epoch": "1507685440", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2006-04-04T11:57:00", "cvss_created-epoch": "1144151820", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["system"], "homepage": "http://www.busybox.net/", "short_version": "1.21.0-1ubuntu1", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "busybox", "language": "C/C++", "id": 19, "homepage_url": "https://busybox.net/", "details": {"loc": 196857, "defect_density": {"comparison": 0.5, "over_time": [null], "score": 2.97, "verdict": "high", "loc_range": "100,000 to 499,999"}, "build_date": "2015-11-12", "project_url": "https://scan.coverity.com/projects/busybox", "version": null, "cwe": [{"name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "defect_count": 14, "id": 120, "rank": 3, "uri": "http://cwe.mitre.org/top25/#CWE-120"}, {"name": "Integer Overflow or Wraparound", "defect_count": 10, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}, {"name": "Use of Potentially Dangerous Function", "defect_count": 12, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": "https://git.busybox.net/busybox/", "slug": "busybox", "mapped-name": "busybox"}}, {"extended-objects": [{"confidence": 0.9655172413793104, "sha1": "e5476ba40fb76a568a2c9deda8c17a05d9762f07", "name": "libbz2.so.1.0.4", "timestamp": 1382361320, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libbz2.so.1.0.4"], "type": "native"}], "objects": ["libbz2.so.1.0.4"], "version": "1.0.6-5", "lib": "bzip2", "distro_version": "1.0.6-5", "distro": "ubuntu", "cpe": ["cpe:/a:bzip:bzip2:1.0.6-5"], "latest_version": "1.0.6", "vuln-count": {"total": 9, "exact": 1, "historical": 8}, "vulns": [{"vuln": {"cve": "CVE-2016-3189", "summary": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows 
remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", "cvss": "4.3", "published": "2016-06-30T17:59:01", "modified": "2017-08-22T01:29:00", "published-epoch": "1467309541", "modified-epoch": "1503365340", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-01T16:43:50", "cvss_created-epoch": "1467391430", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true}, {"vuln": {"cve": "CVE-2002-0761", "summary": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.", "cvss": "2.1", "published": "2002-08-12T04:00:00", "modified": "2008-09-05T20:28:52", "published-epoch": "1029124800", "modified-epoch": "1220646532", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1260", "summary": "bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a \"decompression bomb\").", "cvss": "5.0", "published": "2005-05-19T04:00:00", "modified": "2017-10-11T01:30:05", 
"published-epoch": "1116475200", "modified-epoch": "1507685405", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-05-26T16:58:00", "cvss_created-epoch": "1117126680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4089", "summary": "The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.", "cvss": "4.6", "published": "2014-04-16T18:37:11", "modified": "2014-04-17T14:15:21", "published-epoch": "1397673431", "modified-epoch": "1397744121", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-04-17T14:15:21", "cvss_created-epoch": "1397744121", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0760", "summary": "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.", "cvss": "1.2", "published": "2002-08-12T04:00:00", "modified": "2008-09-05T20:28:52", "published-epoch": "1029124800", "modified-epoch": "1220646532", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1372", "summary": "bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.", "cvss": "4.3", "published": "2008-03-18T21:44:00", "modified": "2017-09-29T01:30:40", "published-epoch": "1205876640", "modified-epoch": "1506648640", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-03-19T14:17:00", "cvss_created-epoch": "1205936220", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0405", "summary": "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.", "cvss": "5.1", "published": "2010-09-28T18:00:02", "modified": "2013-08-22T03:28:14", "published-epoch": "1285696802", "modified-epoch": "1377142094", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-09-29T20:21:00", 
"cvss_created-epoch": "1285791660", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0759", "summary": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.", "cvss": "5.0", "published": "2002-08-12T04:00:00", "modified": "2008-09-05T20:28:52", "published-epoch": "1029124800", "modified-epoch": "1220646532", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-0953", "summary": "Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.", "cvss": "3.7", "published": "2005-05-02T04:00:00", "modified": "2017-10-11T01:30:01", "published-epoch": "1115006400", "modified-epoch": "1507685401", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-13T18:45:00", "cvss_created-epoch": "1118688300", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": 
["compression"], "homepage": "http://www.bzip.org/", "upstream-source": "http://www.bzip.org/1.0.6/bzip2-1.0.6.tar.gz", "latest-version": "1.0.6", "short_version": "1.0.6-5", "latest_cmp": true, "url": "http://www.bzip.org/1.0.6/bzip2-1.0.6.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.860655737704918, "sha1": "f07659fb717135fb585ed2b4f48f03740106e88d", "name": "libcgmanager.so.0.0.0", "timestamp": 1423766452, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libcgmanager.so.0.0.0"], "type": "native"}], "objects": ["libcgmanager.so.0.0.0"], "version": "0.24-0ubuntu7.3", "lib": "cgmanager", "distro_version": "0.24-0ubuntu7.3", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2014-1425", "summary": "cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.", "cvss": "2.1", "published": "2015-01-07T19:59:00", "modified": "2015-01-08T19:15:03", "published-epoch": "1420660740", "modified-epoch": "1420744503", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-01-08T15:11:50", "cvss_created-epoch": "1420729910", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["containers", "system"], "short_version": "0.24-0ubuntu7.3", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "cgmanager", "language": "C/C++", "id": 1082, 
"homepage_url": "http://cgmanager.linuxcontainers.org", "details": {"loc": 32488, "defect_density": {"comparison": 0.35, "over_time": [null], "score": 0.12, "verdict": "low", "loc_range": "less than 100,000"}, "build_date": "2014-04-11", "project_url": "https://scan.coverity.com/projects/cgmanager", "version": "v0.23-21-g3f9a681", "cwe": []}, "repo_url": "git://github.com/cgmanager/cgmanager", "slug": "cgmanager", "mapped-name": "cgmanager"}}, {"extended-objects": [{"confidence": 0.8055555555555556, "sha1": "c664bf0df003af91573a57128ce022efbaae6e0d", "name": "ls", "timestamp": 1421207414, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/ls"], "type": "native"}, {"confidence": 0.8055555555555556, "sha1": "64f66f3e3fc37822e35fd7124bcb44674660d04d", "name": "dir", "timestamp": 1421207414, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/dir"], "type": "native"}, {"confidence": 0.9351851851851852, "sha1": "6acfc035a53057049db65e92e561dd8a76740ea3", "name": "cp", "timestamp": 1421207414, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/cp"], "type": "native", "source-match": "cp"}, {"confidence": 0.6851851851851852, "sha1": "a5560f1dbc0b4f2c5bf2478830e6c6dc8eddec68", "name": "install", "timestamp": 1421207414, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/install"], "type": "native", "source-match": "cp"}, {"confidence": 
0.7407407407407407, "sha1": "7d937c607f0381ff672d63b1f3496b88724636c5", "name": "mv", "timestamp": 1421207414, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/mv"], "type": "native", "source-match": "cp"}, {"confidence": 0.8055555555555556, "sha1": "2ff70bf79708995585f59571b7eb91d613cf630b", "name": "vdir", "timestamp": 1421207414, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/vdir"], "type": "native"}], "objects": ["ls", "dir", "cp", "install", "mv", "vdir"], "version": "8.21-1ubuntu5.1", "lib": "coreutils", "distro_version": "8.21-1ubuntu5.1", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:coreutils:8.21-1ubuntu5.1"], "latest_version": "8.29", "vuln-count": {"total": 10, "exact": 3, "historical": 7}, "vulns": [{"vuln": {"cve": "CVE-2017-18018", "summary": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", "cvss": "1.9", "published": "2018-01-04T04:29:00", "modified": "2018-01-19T15:46:46", "published-epoch": "1515040140", "modified-epoch": "1516376806", "cwe": "CWE-362", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-01-19T02:58:40", "cvss_created-epoch": "1516330720", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "4.7"}, "exact": true}, {"vuln": 
{"cve": "CVE-2008-1946", "summary": "The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.", "cvss": "4.4", "published": "2008-07-28T17:41:00", "modified": "2017-09-29T01:30:57", "published-epoch": "1217266860", "modified-epoch": "1506648657", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-07-29T17:17:00", "cvss_created-epoch": "1217351820", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2014-9471", "summary": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", "cvss": "7.5", "published": "2015-01-16T16:59:08", "modified": "2017-07-01T01:29:09", "published-epoch": "1421427548", "modified-epoch": "1498872549", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-04-07T16:35:58", "cvss_created-epoch": "1428424558", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": ["ls"], "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", 
"type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-2781", "summary": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "cvss": "2.1", "published": "2017-02-07T15:59:00", "modified": "2017-02-27T19:32:03", "published-epoch": "1486483140", "modified-epoch": "1488223923", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-27T19:13:27", "cvss_created-epoch": "1488222807", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "cvss3_score": "6.5"}, "exact": true, "timestamp-objects": ["ls"]}, {"vuln": {"cve": "CVE-2015-1865", "summary": "fts.c in coreutils 8.4 allows local users to delete arbitrary files.", "cvss": "3.3", "published": "2017-09-20T18:29:00", "modified": "2017-09-27T16:13:17", "published-epoch": "1505932140", "modified-epoch": "1506528797", "cwe": "CWE-362", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-27T13:25:48", "cvss_created-epoch": "1506518748", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "4.7"}, "exact": true, "timestamp-objects": ["ls"]}, {"vuln": {"cve": "CVE-2013-0223", "summary": "The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer 
overflow in the alloca function.", "cvss": "1.9", "published": "2013-11-23T18:55:04", "modified": "2013-11-25T17:58:51", "published-epoch": "1385232904", "modified-epoch": "1385402331", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-11-25T17:58:51", "cvss_created-epoch": "1385402331", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2013-0221", "summary": "The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.", "cvss": "4.3", "published": "2013-11-23T18:55:04", "modified": "2014-03-05T18:15:25", "published-epoch": "1385232904", "modified-epoch": "1394043325", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-11-25T17:52:49", "cvss_created-epoch": "1385401969", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-1039", "summary": "Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.", "cvss": "3.7", "published": "2005-05-02T04:00:00", "modified": "2008-09-05T20:48:02", "published-epoch": "1115006400", "modified-epoch": 
"1220647682", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-14T14:51:00", "cvss_created-epoch": "1118760660", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2009-4135", "summary": "The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.", "cvss": "4.4", "published": "2009-12-11T16:30:00", "modified": "2017-08-17T01:31:27", "published-epoch": "1260549000", "modified-epoch": "1502933487", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-07T14:40:08", "cvss_created-epoch": "1473259208", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2013-0222", "summary": "The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.", "cvss": "2.1", "published": "2013-11-23T18:55:04", "modified": "2014-03-07T13:38:11", "published-epoch": "1385232904", "modified-epoch": "1394199491", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": 
"PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-11-25T13:03:15", "cvss_created-epoch": "1385384595", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["system"], "homepage": "https://www.gnu.org/software/coreutils", "upstream-source": "https://ftp.gnu.org/gnu/coreutils/coreutils-8.29.tar.xz", "latest-version": "8.29", "short_version": "8.21-1ubuntu5.1", "latest_cmp": false, "url": "https://ftp.gnu.org/gnu/coreutils/coreutils-8.29.tar.xz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "27536005196d95654b9da04d01a289000b9f6536", "name": "cpio", "timestamp": 1420660142, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/cpio"], "type": "native"}], "objects": ["cpio"], "version": "2.11+dfsg-1ubuntu1.1", "lib": "cpio", "distro_version": "2.11+dfsg-1ubuntu1.1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 8, "exact": 2, "historical": 6}, "vulns": [{"vuln": {"cve": "CVE-2016-2037", "summary": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", "cvss": "4.3", "published": "2016-02-22T15:59:00", "modified": "2016-12-06T03:07:59", "published-epoch": "1456156740", "modified-epoch": "1480993679", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-04T14:15:42", "cvss_created-epoch": "1457100942", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": 
"AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true}, {"vuln": {"cve": "CVE-2014-9112", "summary": "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.", "cvss": "5.0", "published": "2014-12-02T16:59:05", "modified": "2017-09-08T01:29:32", "published-epoch": "1417539545", "modified-epoch": "1504834172", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-03T00:31:04", "cvss_created-epoch": "1472862664", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-1197", "summary": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", "cvss": "1.9", "published": "2015-02-19T15:59:12", "modified": "2016-12-06T02:59:32", "published-epoch": "1424361552", "modified-epoch": "1480993172", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-10-21T14:25:12", "cvss_created-epoch": "1445437512", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true}, {"vuln": {"cve": "CVE-2010-4226", "summary": "cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to 
overwrite arbitrary files via a symlink within an RPM package archive.", "cvss": "5.0", "published": "2014-02-06T17:00:03", "modified": "2014-02-07T20:57:38", "published-epoch": "1391706003", "modified-epoch": "1391806658", "cwe": "CWE-59", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-02-07T20:57:31", "cvss_created-epoch": "1391806651", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-1111", "summary": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.", "cvss": "3.7", "published": "2005-05-02T04:00:00", "modified": "2017-10-11T01:30:03", "published-epoch": "1115006400", "modified-epoch": "1507685403", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-14T19:34:00", "cvss_created-epoch": "1118777640", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-4268", "summary": "Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.", "cvss": "3.7", "published": "2005-12-15T18:11:00", "modified": "2017-10-11T01:30:30", "published-epoch": 
"1134670260", "modified-epoch": "1507685430", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-12-15T18:27:00", "cvss_created-epoch": "1134671220", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-0624", "summary": "Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.", "cvss": "6.8", "published": "2010-03-15T13:28:25", "modified": "2017-09-19T01:30:26", "published-epoch": "1268659705", "modified-epoch": "1505784626", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-15T18:16:00", "cvss_created-epoch": "1268676960", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-1229", "summary": "Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. 
(dot dot) in a cpio file.", "cvss": "4.6", "published": "2005-05-02T04:00:00", "modified": "2017-07-11T01:32:35", "published-epoch": "1115006400", "modified-epoch": "1499736755", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-05-11T14:02:00", "cvss_created-epoch": "1115820120", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["utility"], "homepage": "http://libarchive.org/", "short_version": "2.11+dfsg-1ubuntu1.1", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.7216338880484114, "sha1": "80e1fa32e5c0779db60e13f7b9d1e0d33abeac41", "name": "libcurl-gnutls.so.4.3.0", "timestamp": 1430334806, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.3.0"], "type": "native"}], "objects": ["libcurl-gnutls.so.4.3.0"], "version": "7.35.0-1ubuntu2.5", "lib": "curl", "distro_version": "7.35.0-1ubuntu2.5", "distro": "ubuntu", "cpe": ["cpe:/a:haxx:libcurl:7.35.0-1ubuntu2.5", "cpe:/a:haxx:curl:7.35.0-1ubuntu2.5"], "latest_version": "7.59.0", "vuln-count": {"total": 55, "exact": 16, "historical": 39}, "vulns": [{"vuln": {"cve": "CVE-2017-8817", "summary": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", "cvss": "7.5", "published": "2017-11-29T18:29:00", "modified": "2018-02-04T02:29:22", "published-epoch": "1511980140", 
"modified-epoch": "1517711362", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-13T18:27:20", "cvss_created-epoch": "1513189640", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 228, "vuln_id": "CVE-2017-8817", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.648358", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-3739", "summary": "The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.", "cvss": "2.6", "published": "2016-05-20T14:59:05", "modified": "2017-07-01T01:29:44", "published-epoch": "1463756345", "modified-epoch": "1498872584", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-05-20T18:23:02", "cvss_created-epoch": "1463768582", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "cvss3_score": "5.3"}, "exact": true, "triage": [{"id": 242, "vuln_id": "CVE-2016-3739", "component": "curl", "vendor": null, "codetype": "NA", 
"version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.928284", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-0138", "summary": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.", "cvss": "6.4", "published": "2014-04-15T14:55:04", "modified": "2017-12-16T02:29:03", "published-epoch": "1397573704", "modified-epoch": "1513391343", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-06T14:37:15", "cvss_created-epoch": "1459953435", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-0139", "summary": "cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", "cvss": "5.8", "published": "2014-04-15T14:55:04", "modified": "2017-12-16T02:29:03", "published-epoch": "1397573704", "modified-epoch": "1513391343", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-06T14:20:11", "cvss_created-epoch": "1459952411", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2017-1000101", "summary": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. 
An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.", "cvss": "4.3", "published": "2017-10-05T01:29:04", "modified": "2017-11-14T02:29:00", "published-epoch": "1507166944", "modified-epoch": "1510626540", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-17T20:13:29", "cvss_created-epoch": "1508271209", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss3_score": "6.5"}, "exact": true, "triage": [{"id": 240, "vuln_id": "CVE-2017-1000101", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.885838", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-2522", "summary": "curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.", "cvss": "4.0", "published": "2014-04-18T22:14:38", "modified": "2017-04-29T01:59:01", "published-epoch": "1397859278", "modified-epoch": "1493431141", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2014-04-21T18:11:38", "cvss_created-epoch": "1398103898", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Non-affected platform", "reason_text": "Vulnerability does not affect this platform.", "type": "platform"}}, {"vuln": {"cve": "CVE-2014-3613", "summary": "cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.", "cvss": "5.0", "published": "2014-11-18T15:59:00", "modified": "2018-01-05T02:29:50", "published-epoch": "1416326340", "modified-epoch": "1515119390", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T18:39:07", "cvss_created-epoch": "1459363147", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3620", "summary": "cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.", "cvss": "5.0", "published": "2014-11-18T15:59:01", "modified": "2016-12-03T03:01:25", "published-epoch": "1416326341", "modified-epoch": "1480734085", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2016-03-30T18:38:30", "cvss_created-epoch": "1459363110", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-3143", "summary": "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.", "cvss": "5.0", "published": "2015-04-24T14:59:08", "modified": "2018-01-05T02:30:04", "published-epoch": "1429887548", "modified-epoch": "1515119404", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-24T01:51:02", "cvss_created-epoch": "1472003462", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-3145", "summary": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.", "cvss": "7.5", "published": "2015-04-24T14:59:10", "modified": "2017-01-03T03:00:00", "published-epoch": "1429887550", "modified-epoch": "1483412400", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-20T03:10:17", "cvss_created-epoch": "1476933017", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-3148", "summary": "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", "cvss": "5.0", "published": "2015-04-24T14:59:11", "modified": "2018-01-05T02:30:04", "published-epoch": "1429887551", "modified-epoch": "1515119404", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-24T01:57:26", "cvss_created-epoch": "1472003846", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-3153", "summary": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", "cvss": "5.0", "published": "2015-05-01T15:59:05", "modified": "2017-01-03T03:00:00", "published-epoch": "1430495945", "modified-epoch": "1483412400", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-30T13:11:04", "cvss_created-epoch": "1472562664", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-0754", "summary": "cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.", "cvss": "5.0", "published": "2016-01-29T20:59:04", "modified": "2016-02-17T15:56:50", "published-epoch": "1454101144", "modified-epoch": "1455724610", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-02-16T17:51:19", "cvss_created-epoch": "1455645079", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3_score": "5.3"}, "exact": false, "invalidation": {"reason": "Non-affected platform", "reason_text": "Vulnerability does not affect this platform.", "type": "platform"}}, {"vuln": {"cve": "CVE-2016-0755", "summary": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", "cvss": "5.0", "published": "2016-01-29T20:59:05", "modified": "2017-07-01T01:29:31", "published-epoch": "1454101145", "modified-epoch": "1498872571", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-02-16T18:01:05", "cvss_created-epoch": "1455645665", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3_score": "7.3"}, "exact": true, "triage": [{"id": 239, "vuln_id": "CVE-2016-0755", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.865564", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-4802", "summary": "Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.", "cvss": "6.9", "published": "2016-06-24T17:59:00", "modified": "2016-12-31T02:59:38", "published-epoch": "1466791140", "modified-epoch": "1483153178", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-24T19:54:20", "cvss_created-epoch": "1466798060", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 231, "vuln_id": "CVE-2016-4802", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.710928", 
"scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-9502", "summary": "In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given \"URL\" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string \"file://\").", "cvss": "5.0", "published": "2017-06-14T13:29:00", "modified": "2017-07-08T01:29:22", "published-epoch": "1497446940", "modified-epoch": "1499477362", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-06-26T14:04:44", "cvss_created-epoch": "1498485884", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3_score": "5.3"}, "exact": false, "invalidation": {"reason": "Non-affected platform", "reason_text": "Vulnerability does not affect this platform.", "type": "platform"}}, {"vuln": {"cve": "CVE-2017-7407", "summary": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' 
character, which leads to a heap-based buffer over-read.", "cvss": "2.1", "published": "2017-04-03T20:59:00", "modified": "2017-09-19T01:36:56", "published-epoch": "1491253140", "modified-epoch": "1505785016", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-04-11T15:27:18", "cvss_created-epoch": "1491924438", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3_score": "2.4"}, "exact": true, "triage": [{"id": 243, "vuln_id": "CVE-2017-7407", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.948309", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-1000007", "summary": "libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. 
Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.", "cvss": "5.0", "published": "2018-01-24T22:29:00", "modified": "2018-03-21T01:29:00", "published-epoch": "1516832940", "modified-epoch": "1521595740", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-01-24T22:29:00", "cvss_created-epoch": "1516832940", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 234, "vuln_id": "CVE-2018-1000007", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.770200", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2013-2174", "summary": "Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a \"%\" (percent) character.", "cvss": "6.8", "published": "2013-07-31T13:20:25", "modified": "2016-11-28T19:09:04", "published-epoch": "1375276825", "modified-epoch": "1480360144", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", 
"cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-07-31T18:29:00", "cvss_created-epoch": "1375295340", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-1061", "summary": "Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.", "cvss": "7.5", "published": "2006-03-21T01:06:00", "modified": "2017-07-20T01:30:17", "published-epoch": "1142903160", "modified-epoch": "1500514217", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-03-21T02:58:00", "cvss_created-epoch": "1142909880", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-4077", "summary": "Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a \"?\" separator in the hostname portion, which causes a \"/\" to be prepended to the resulting string.", "cvss": "4.6", "published": "2005-12-08T01:03:00", "modified": "2017-10-11T01:30:29", "published-epoch": "1134003780", "modified-epoch": "1507685429", "cwe": "CWE-189", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2005-12-08T03:18:00", "cvss_created-epoch": "1134011880", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-0249", "summary": "Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.", "cvss": "7.5", "published": "2013-03-08T22:55:01", "modified": "2016-12-08T03:02:56", "published-epoch": "1362783301", "modified-epoch": "1481166176", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-12T14:16:43", "cvss_created-epoch": "1439389003", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-3144", "summary": "The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by \"http://:80\" and \":80.\"", "cvss": "9.0", "published": "2015-04-24T14:59:09", "modified": "2016-12-22T02:59:47", "published-epoch": "1429887549", "modified-epoch": "1482375587", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-01T20:15:33", "cvss_created-epoch": "1464812133", "cvss2_vector": "AV:N/AC:L/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0973", "summary": "Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.", "cvss": "10.0", "published": "2000-12-19T05:00:00", "modified": "2008-09-05T20:22:19", "published-epoch": "977202000", "modified-epoch": "1220646139", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-0490", "summary": "Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.", "cvss": "5.1", "published": "2005-05-02T04:00:00", "modified": "2017-10-11T01:29:56", "published-epoch": "1115006400", "modified-epoch": "1507685396", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-07T19:16:00", 
"cvss_created-epoch": "1118171760", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-0015", "summary": "cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.", "cvss": "4.0", "published": "2014-02-02T00:55:05", "modified": "2018-01-03T02:29:00", "published-epoch": "1391302505", "modified-epoch": "1514946540", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T15:57:00", "cvss_created-epoch": "1467993420", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0037", "summary": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.", "cvss": "6.8", "published": "2009-03-05T02:30:00", "modified": "2017-09-29T01:33:35", "published-epoch": "1236220200", "modified-epoch": "1506648815", "cwe": "CWE-352", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-03-05T15:14:00", "cvss_created-epoch": "1236266040", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, 
"cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-2617", "summary": "lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.", "cvss": "7.5", "published": "2013-03-20T22:55:01", "modified": "2013-03-21T18:35:03", "published-epoch": "1363820101", "modified-epoch": "1363890903", "cwe": "CWE-94", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-03-21T18:32:00", "cvss_created-epoch": "1363890720", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2192", "summary": "The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.", "cvss": "4.3", "published": "2011-07-07T21:55:02", "modified": "2018-01-05T02:29:04", "published-epoch": "1310075702", "modified-epoch": "1515119344", "cwe": "CWE-255", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-07-08T15:49:00", "cvss_created-epoch": "1310140140", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-8818", "summary": "curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for 
interfacing to an SSL library.", "cvss": "7.5", "published": "2017-11-29T18:29:00", "modified": "2017-12-20T20:56:52", "published-epoch": "1511980140", "modified-epoch": "1513803412", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-13T18:43:23", "cvss_created-epoch": "1513190603", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1944", "summary": "The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.", "cvss": "5.0", "published": "2013-04-29T22:55:08", "modified": "2016-09-09T01:59:27", "published-epoch": "1367276108", "modified-epoch": "1473386367", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-04-30T16:24:00", "cvss_created-epoch": "1367339040", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-3842", "summary": "Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \\ (backslash) as a separator of path components within the Content-disposition HTTP header.", "cvss": "5.8", "published": "2010-10-28T00:00:05", "modified": "2010-10-28T04:00:00", "published-epoch": "1288224005", 
"modified-epoch": "1288238400", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-10-28T18:01:00", "cvss_created-epoch": "1288288860", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0036", "summary": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.", "cvss": "7.5", "published": "2012-04-13T20:55:01", "modified": "2018-01-10T02:29:23", "published-epoch": "1334350501", "modified-epoch": "1515551363", "cwe": "CWE-89", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-12T14:29:00", "cvss_created-epoch": "1439389740", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-3237", "summary": "The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.", "cvss": "6.4", "published": "2015-06-22T19:59:04", "modified": "2017-09-01T01:29:00", "published-epoch": "1435003144", "modified-epoch": "1504229340", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-19T20:02:26", "cvss_created-epoch": "1471636946", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4545", "summary": "cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", "cvss": "4.3", "published": "2013-11-23T11:55:04", "modified": "2016-06-17T01:59:31", "published-epoch": "1385207704", "modified-epoch": "1466128771", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-11-25T16:19:12", "cvss_created-epoch": "1385396352", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-3236", "summary": "cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.", "cvss": "5.0", "published": "2015-06-22T19:59:03", "modified": "2016-12-22T02:59:48", "published-epoch": "1435003143", "modified-epoch": "1482375588", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", 
"cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-16T13:36:42", "cvss_created-epoch": "1471354602", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-8816", "summary": "The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.", "cvss": "7.5", "published": "2017-11-29T18:29:00", "modified": "2018-01-10T19:25:49", "published-epoch": "1511980140", "modified-epoch": "1515612349", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-01-09T22:03:14", "cvss_created-epoch": "1515535394", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2005-3185", "summary": "Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.", "cvss": "7.5", "published": "2005-10-13T22:02:00", "modified": "2017-10-11T01:30:23", "published-epoch": "1129240920", "modified-epoch": "1507685423", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", 
"cvss_created": "2005-10-14T15:17:00", "cvss_created-epoch": "1129303020", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-1000100", "summary": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", "cvss": "4.3", "published": "2017-10-05T01:29:04", "modified": "2017-11-14T02:29:00", "published-epoch": "1507166944", "modified-epoch": "1510626540", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-13T13:39:37", "cvss_created-epoch": "1507901977", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss3_score": "6.5"}, "exact": true, "triage": [{"id": 241, "vuln_id": "CVE-2017-1000100", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.906083", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": 
"", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-1000254", "summary": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. 
In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", "cvss": "5.0", "published": "2017-10-06T13:29:00", "modified": "2017-12-26T02:29:12", "published-epoch": "1507296540", "modified-epoch": "1514255352", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-13T13:48:49", "cvss_created-epoch": "1507902529", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 235, "vuln_id": "CVE-2017-1000254", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.789946", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-1000257", "summary": "An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. 
The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.", "cvss": "6.4", "published": "2017-10-31T21:29:00", "modified": "2017-12-16T02:29:07", "published-epoch": "1509485340", "modified-epoch": "1513391347", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-22T21:46:50", "cvss_created-epoch": "1511387210", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss3_score": "9.1"}, "exact": true, "triage": [{"id": 232, "vuln_id": "CVE-2017-1000257", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.729870", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-3707", "summary": "The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.", "cvss": "4.3", "published": "2014-11-15T20:59:00", "modified": "2018-01-05T02:29:51", "published-epoch": "1416085140", "modified-epoch": "1515119391", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2016-08-26T17:24:18", "cvss_created-epoch": "1472232258", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-8150", "summary": "CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.", "cvss": "4.3", "published": "2015-01-15T15:59:06", "modified": "2018-01-05T02:29:54", "published-epoch": "1421337546", "modified-epoch": "1515119394", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-02-27T19:35:13", "cvss_created-epoch": "1425065713", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-8151", "summary": "The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.", "cvss": "5.8", "published": "2015-01-15T15:59:07", "modified": "2017-07-01T01:29:07", "published-epoch": "1421337547", "modified-epoch": "1498872547", "cwe": null, "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-05T18:23:39", "cvss_created-epoch": "1459880619", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 233, "vuln_id": "CVE-2014-8151", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.750258", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-5419", "summary": "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.", "cvss": "5.0", "published": "2016-08-10T14:59:03", "modified": "2018-01-05T02:31:01", "published-epoch": "1470841143", "modified-epoch": "1515119461", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-06T00:59:51", "cvss_created-epoch": "1475715591", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 238, "vuln_id": "CVE-2016-5419", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.846888", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": 
"bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-5420", "summary": "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.", "cvss": "5.0", "published": "2016-08-10T14:59:05", "modified": "2018-01-05T02:31:01", "published-epoch": "1470841145", "modified-epoch": "1515119461", "cwe": "CWE-285", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-06T00:58:48", "cvss_created-epoch": "1475715528", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 237, "vuln_id": "CVE-2016-5420", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.828512", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-5421", "summary": "Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.", "cvss": "7.5", "published": "2016-08-10T14:59:06", "modified": "2017-07-01T01:29:57", "published-epoch": "1470841146", "modified-epoch": "1498872597", "cwe": "CWE-416", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2017-01-23T21:32:44", "cvss_created-epoch": "1485207164", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 230, "vuln_id": "CVE-2016-5421", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.690959", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-7141", "summary": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.", "cvss": "5.0", "published": "2016-10-03T21:59:08", "modified": "2018-01-05T02:31:14", "published-epoch": "1475531948", "modified-epoch": "1515119474", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-04T13:37:43", "cvss_created-epoch": "1475588263", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 236, "vuln_id": "CVE-2016-7141", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.809325", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": 
"bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-7167", "summary": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.", "cvss": "7.5", "published": "2016-10-07T14:59:08", "modified": "2018-01-05T02:31:14", "published-epoch": "1475852348", "modified-epoch": "1515119474", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-07T16:35:42", "cvss_created-epoch": "1475858142", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 229, "vuln_id": "CVE-2016-7167", "component": "curl", "vendor": null, "codetype": "NA", "version": "7.35.0-1ubuntu2.5", "modified": "2018-03-22T23:18:06.670757", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2007-3564", "summary": "libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.", "cvss": "7.5", "published": "2007-07-18T17:30:00", "modified": "2017-07-29T01:32:22", "published-epoch": "1184779800", "modified-epoch": "1501291942", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": 
"PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-07-19T01:22:00", "cvss_created-epoch": "1184808120", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-1000099", "summary": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.", "cvss": "4.3", "published": "2017-10-05T01:29:04", "modified": "2017-11-01T19:23:23", "published-epoch": "1507166944", "modified-epoch": "1509564203", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-13T13:28:15", "cvss_created-epoch": "1507901295", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss3_score": "6.5"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0734", "summary": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.", "cvss": "6.8", "published": "2010-03-19T19:30:00", "modified": "2018-01-05T02:29:01", 
"published-epoch": "1269027000", "modified-epoch": "1515119341", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-22T22:31:00", "cvss_created-epoch": "1269297060", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-2417", "summary": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "cvss": "7.5", "published": "2009-08-14T15:16:27", "modified": "2017-09-19T01:29:06", "published-epoch": "1250262987", "modified-epoch": "1505784546", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-08-14T16:29:00", "cvss_created-epoch": "1250267340", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2018-1000005", "summary": "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. 
The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.", "cvss": "6.4", "published": "2018-01-24T22:29:00", "modified": "2018-03-21T01:29:00", "published-epoch": "1516832940", "modified-epoch": "1521595740", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-01-24T22:29:00", "cvss_created-epoch": "1516832940", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss3_score": "9.1"}, "exact": false}, {"vuln": {"cve": "CVE-2013-6422", "summary": "The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.", "cvss": "4.0", "published": "2013-12-23T22:55:02", "modified": "2016-04-07T20:55:59", "published-epoch": "1387839302", "modified-epoch": "1460062559", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2016-04-06T14:56:18", "cvss_created-epoch": "1459954578", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["protocol"], "homepage": "https://curl.haxx.se/", "upstream-source": "https://curl.haxx.se/download/curl-7.59.0.tar.bz2", "latest-version": "7.59.0", "short_version": "7.35.0-1ubuntu2.5", "latest_cmp": false, "url": "https://curl.haxx.se/download/curl-7.59.0.tar.bz2", "codetype": "Native", "coverity_scan": {"name": "curl", "language": "C/C++", "id": 37, "homepage_url": "https://curl.haxx.se/", "details": {"loc": 161159, "defect_density": {"comparison": 0.5, "over_time": [{"2017-11-01": 0.0, "2016-04-01": 0.0, "2017-08-01": 0.0, "2017-07-01": 0.0, "2017-03-01": 0.0, "2018-02-01": 0.0, "2017-05-01": 0.01, "2017-04-01": 0.0, "2016-06-01": 0.0, "2017-06-01": 0.0, "2017-01-01": 0.0, "2016-11-01": 0.01, "2016-03-01": 0.0, "2016-08-01": 0.0, "2016-05-01": 0.01, "2018-01-01": 0.0, "2017-02-01": 0.0, "2017-10-01": 0.01, "2016-09-01": 0.0, "2016-12-01": 0.01, "2018-03-01": 0.0, "2017-12-01": 0.03, "2017-09-01": 0.0, "2016-10-01": 0.02}], "score": 0.0, "verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2018-03-20", "project_url": "https://scan.coverity.com/projects/curl", "version": "curl-7_59_0-24-gf623ad65e/mar20", "cwe": [{"name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "defect_count": 1, "id": 120, "rank": 3, "uri": "http://cwe.mitre.org/top25/#CWE-120"}]}, "repo_url": "https://github.com/curl/curl", "slug": "curl", "mapped-name": "curl"}}, {"extended-objects": [{"confidence": 1.0, "sha1": "0b8f55f9352821ffcad649d0195648620105a558", "name": "libsasl2.so.2.0.25", "timestamp": 1383413393, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25"], "type": "native"}], "objects": 
["libsasl2.so.2.0.25"], "version": "2.1.25.dfsg1-17build1", "lib": "cyrus-sasl", "distro_version": "2.1.25.dfsg1-17build1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 3, "exact": 0, "historical": 3}, "vulns": [{"vuln": {"cve": "CVE-2013-4122", "summary": "Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.", "cvss": "4.3", "published": "2013-10-27T00:55:03", "modified": "2016-12-08T03:03:29", "published-epoch": "1382835303", "modified-epoch": "1481166209", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-28T18:35:41", "cvss_created-epoch": "1382985341", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2000-0956", "summary": "cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.", "cvss": "4.6", "published": "2000-12-19T05:00:00", "modified": "2017-10-10T01:29:24", "published-epoch": "977202000", "modified-epoch": "1507598964", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", 
"cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0688", "summary": "Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.", "cvss": "7.5", "published": "2009-05-15T15:30:00", "modified": "2017-09-29T01:33:58", "published-epoch": "1242401400", "modified-epoch": "1506648838", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-05-15T15:49:00", "cvss_created-epoch": "1242402540", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["protocol"], "homepage": "http://www.cyrussasl.org/", "short_version": "2.1.25.dfsg1-17build1", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "cyrus-sasl", "language": "C/C++", "id": 40, "homepage_url": null, "details": {"loc": 18406, "defect_density": {"comparison": 0.35, "over_time": [null], "score": 0.54, "verdict": "high", "loc_range": "less than 100,000"}, "build_date": "2007-07-13", "project_url": "https://scan.coverity.com/projects/cyrus-sasl", "version": null, "cwe": []}, "repo_url": null, "slug": "cyrus-sasl", "mapped-name": "cyrus-sasl"}}, {"extended-objects": [{"confidence": 1.0, "sha1": "647437c3d7543c7c8d381903834c9ef42eb4cf69", "name": "dash", "timestamp": 1392812032, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": 
["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/dash"], "type": "native"}], "objects": ["dash", "sh.shared"], "version": "0.5.7-4ubuntu1", "lib": "dash", "distro_version": "0.5.7-4ubuntu1", "distro": "ubuntu", "latest_version": "4.1.6", "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2009-0854", "summary": "Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.", "cvss": "6.9", "published": "2009-03-11T14:19:15", "modified": "2017-08-17T01:30:03", "published-epoch": "1236781155", "modified-epoch": "1502933403", "cwe": "CWE-78", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-03-11T17:25:00", "cvss_created-epoch": "1236792300", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["shell"], "homepage": "https://kapeli.com/dash", "upstream-source": "https://kapeli.com/downloads/v4/Dash.zip", "latest-version": "4.1.6", "short_version": "0.5.7-4ubuntu1", "latest_cmp": false, "url": "https://kapeli.com/downloads/v4/Dash.zip", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.8478260869565217, "sha1": "1f45a3d6ea8f9d27193d1afe356641dc7706725d", "name": "sh.shared", "timestamp": 1387853475, "binary-type": "elf-executable-x86_64", "exe-flags": ["execstack", "no-pie", "no-relro"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/klibc/bin/sh.shared"], "type": "native"}], "objects": ["dash", "sh.shared"], 
"version": null, "lib": "dash", "distro_version": null, "distro": "ubuntu", "latest_version": "4.1.6", "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2009-0854", "summary": "Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.", "cvss": "6.9", "published": "2009-03-11T14:19:15", "modified": "2017-08-17T01:30:03", "published-epoch": "1236781155", "modified-epoch": "1502933403", "cwe": "CWE-78", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-03-11T17:25:00", "cvss_created-epoch": "1236792300", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["shell"], "homepage": "https://kapeli.com/dash", "upstream-source": "https://kapeli.com/downloads/v4/Dash.zip", "latest-version": "4.1.6", "short_version": "", "latest_cmp": null, "url": "https://kapeli.com/downloads/v4/Dash.zip", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9866156787762906, "sha1": "b473f252e4af859e4072e269f227db7d2b316806", "name": "libdbus-1.so.3.7.6", "timestamp": 1416947891, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libdbus-1.so.3.7.6"], "type": "native"}], "objects": ["libdbus-1.so.3.7.6"], "version": "1.6.18-0ubuntu4.3", "lib": "dbus", "distro_version": "1.6.18-0ubuntu4.3", "distro": "ubuntu", "cpe": ["cpe:/a:d-bus_project:d-bus:1.6.18-0ubuntu4.3"], "latest_version": "1.12.4", "vuln-count": {"total": 19, "exact": 0, 
"historical": 19}, "vulns": [{"vuln": {"cve": "CVE-2008-4311", "summary": "The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.", "cvss": "4.6", "published": "2008-12-10T00:30:00", "modified": "2017-08-08T01:32:32", "published-epoch": "1228869000", "modified-epoch": "1502155952", "cwe": "CWE-16", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-12-10T14:53:00", "cvss_created-epoch": "1228920780", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2533", "summary": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.", "cvss": "3.3", "published": "2011-06-22T23:55:00", "modified": "2017-08-29T01:29:26", "published-epoch": "1308786900", "modified-epoch": "1503970166", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-06-23T14:46:00", "cvss_created-epoch": "1308840360", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1189", "summary": "The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a 
basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.", "cvss": "3.6", "published": "2009-04-27T18:00:00", "modified": "2017-09-29T01:34:13", "published-epoch": "1240855200", "modified-epoch": "1506648853", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-04-27T18:53:00", "cvss_created-epoch": "1240858380", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-3834", "summary": "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.", "cvss": "2.1", "published": "2008-10-07T21:01:52", "modified": "2017-09-29T01:31:52", "published-epoch": "1223413312", "modified-epoch": "1506648712", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-10-07T23:41:00", "cvss_created-epoch": "1223422860", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3477", "summary": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a 
side-channel attack via a D-Bus message to an inactive service.", "cvss": "2.1", "published": "2014-07-01T17:55:04", "modified": "2015-04-15T02:00:32", "published-epoch": "1404237304", "modified-epoch": "1429063232", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-07-02T18:25:33", "cvss_created-epoch": "1404325533", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3532", "summary": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", "cvss": "2.1", "published": "2014-07-19T19:55:07", "modified": "2016-10-15T01:59:36", "published-epoch": "1405799707", "modified-epoch": "1476496776", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-30T16:24:06", "cvss_created-epoch": "1467303846", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3533", "summary": "dbus 
1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.", "cvss": "2.1", "published": "2014-07-19T19:55:08", "modified": "2016-10-15T01:59:37", "published-epoch": "1405799708", "modified-epoch": "1476496777", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-30T16:26:57", "cvss_created-epoch": "1467304017", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3635", "summary": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", "cvss": "4.4", "published": "2014-09-22T15:55:07", "modified": "2016-10-15T01:59:46", "published-epoch": "1411401307", "modified-epoch": "1476496786", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-01T19:18:58", "cvss_created-epoch": "1464808738", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": 
null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3637", "summary": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", "cvss": "2.1", "published": "2014-09-22T15:55:08", "modified": "2015-08-26T16:50:29", "published-epoch": "1411401308", "modified-epoch": "1440607829", "cwe": "CWE-17", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-26T15:57:38", "cvss_created-epoch": "1440604658", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3638", "summary": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", "cvss": "2.1", "published": "2014-09-22T15:55:08", "modified": "2017-01-07T03:00:06", "published-epoch": "1411401308", "modified-epoch": "1483758006", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-01T19:16:55", "cvss_created-epoch": "1464808615", 
"cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3639", "summary": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", "cvss": "2.1", "published": "2014-09-22T15:55:08", "modified": "2017-01-07T03:00:06", "published-epoch": "1411401308", "modified-epoch": "1483758006", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-01T19:15:24", "cvss_created-epoch": "1464808524", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-7824", "summary": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.", "cvss": "2.1", "published": "2014-11-18T15:59:04", "modified": "2017-09-08T01:29:16", "published-epoch": "1416326344", "modified-epoch": "1504834156", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-30T16:28:58", "cvss_created-epoch": "1467304138", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0245", "summary": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", "cvss": "1.9", "published": "2015-02-13T15:59:08", "modified": "2016-10-15T02:00:30", "published-epoch": "1423843148", "modified-epoch": "1476496830", "cwe": "CWE-362", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-03-06T17:22:15", "cvss_created-epoch": "1425662535", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": 
"CVE-2014-3636", "summary": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", "cvss": "1.9", "published": "2014-10-25T20:55:07", "modified": "2015-08-26T16:49:58", "published-epoch": "1414270507", "modified-epoch": "1440607798", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-26T15:58:32", "cvss_created-epoch": "1440604712", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2011-2200", "summary": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.", "cvss": "4.6", "published": "2011-06-22T22:55:04", "modified": "2017-08-29T01:29:19", "published-epoch": "1308783304", "modified-epoch": "1503970159", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2014-07-11T14:47:28", "cvss_created-epoch": "1405090048", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4352", "summary": "Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.", "cvss": "2.1", "published": "2010-12-30T19:00:05", "modified": "2016-12-08T03:01:44", "published-epoch": "1293735605", "modified-epoch": "1481166104", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-07-11T14:41:04", "cvss_created-epoch": "1405089664", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-0201", "summary": "D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.", "cvss": "2.1", "published": "2005-06-29T04:00:00", "modified": "2017-10-11T01:29:53", "published-epoch": "1120017600", "modified-epoch": "1507685393", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-29T12:34:00", "cvss_created-epoch": "1120048440", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-6107", "summary": "Unspecified vulnerability in the match_rule_equal function in 
bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).", "cvss": "1.7", "published": "2006-12-14T00:28:00", "modified": "2017-10-11T01:31:24", "published-epoch": "1166056080", "modified-epoch": "1507685484", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-12-14T14:08:00", "cvss_created-epoch": "1166105280", "cvss2_vector": "AV:L/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-2168", "summary": "The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.", "cvss": "1.9", "published": "2013-07-03T18:55:01", "modified": "2017-09-19T01:36:15", "published-epoch": "1372877701", "modified-epoch": "1505784975", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-20T15:37:48", "cvss_created-epoch": "1448033868", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["protocol", "system"], "homepage": "https://wiki.freedesktop.org/www/Software/dbus", "upstream-source": "https://dbus.freedesktop.org/releases/dbus/dbus-1.12.4.tar.gz", "latest-version": "1.12.4", "short_version": "1.6.18-0ubuntu4.3", "latest_cmp": false, "url": "https://dbus.freedesktop.org/releases/dbus/dbus-1.12.4.tar.gz", 
"codetype": "Native", "coverity_scan": {"name": "dbus", "language": "C/C++", "id": 4774, "homepage_url": "http:/dbus.freedesktop.org", "details": {"loc": 157438, "defect_density": {"comparison": 0.5, "over_time": [{"2017-05-01": 0.0, "2016-08-01": 0.15, "2017-04-01": 0.0, "2016-05-01": 0.14, "2018-01-01": 0.01, "2017-06-01": 0.0, "2018-02-01": 0.0, "2017-11-01": 0.06, "2017-02-01": 0.24, "2016-04-01": 0.15, "2017-08-01": 0.06, "2017-01-01": 0.15, "2017-07-01": 0.06, "2018-03-01": 0.01, "2017-12-01": 0.0, "2017-03-01": 0.01, "2017-09-01": 0.05, "2017-10-01": 0.05}], "score": 0.01, "verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2018-03-19", "project_url": "https://scan.coverity.com/projects/dbus", "version": "dbus-1.13.2-36-g9dfbe7f", "cwe": []}, "repo_url": "https://github.com/d-bus/dbus.git", "slug": "dbus", "mapped-name": "dbus"}}, {"extended-objects": [{"confidence": 0.9342984409799554, "sha1": "f096fbe5ec712035bcf2ed9c6539de01d52fb732", "name": "omshell", "timestamp": 1427912520, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/omshell"], "type": "native"}, {"confidence": 0.9387527839643652, "sha1": "56598b53e3a0fc0110300ac5baf093cbf9353ede", "name": "dhclient", "timestamp": 1427912520, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/dhclient"], "type": "native"}], "objects": ["omshell"], "version": "4.2.4-7ubuntu12.1", "lib": "dhcp", "distro_version": "4.2.4-7ubuntu12.1", "distro": "ubuntu", "cpe": ["cpe:/a:isc:dhcp:4.2.4-7ubuntu12.1"], "latest_version": "4.4.1", "vuln-count": {"total": 19, "exact": 3, "historical": 16}, "vulns": [{"vuln": {"cve": "CVE-2013-2494", "summary": "libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service 
(memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.", "cvss": "4.9", "published": "2013-03-28T16:55:01", "modified": "2013-03-29T04:00:00", "published-epoch": "1364489701", "modified-epoch": "1364529600", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-03-29T13:39:00", "cvss_created-epoch": "1364564340", "cvss2_vector": "AV:N/AC:H/Au:S:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 250, "vuln_id": "CVE-2013-2494", "component": "dhcp", "vendor": null, "codetype": "NA", "version": "4.2.4-7ubuntu12.1", "modified": "2018-03-22T23:19:37.512542", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8605", "summary": "ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.", "cvss": "5.7", "published": "2016-01-14T22:59:00", "modified": "2016-12-07T18:28:48", "published-epoch": "1452812340", "modified-epoch": "1481135328", "cwe": "CWE-20", "cvss_access_vector": "ADJACENT_NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-05-27T15:29:34", "cvss_created-epoch": "1464362974", "cvss2_vector": "AV:A/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": 
"AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "triage": [{"id": 247, "vuln_id": "CVE-2015-8605", "component": "dhcp", "vendor": null, "codetype": "NA", "version": "4.2.4-7ubuntu12.1", "modified": "2018-03-22T23:19:37.489546", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-2774", "summary": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.", "cvss": "7.1", "published": "2016-03-09T15:59:00", "modified": "2018-03-16T01:29:00", "published-epoch": "1457539140", "modified-epoch": "1521163740", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-09T15:59:00", "cvss_created-epoch": "1457539140", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 246, "vuln_id": "CVE-2016-2774", "component": "dhcp", "vendor": null, "codetype": "NA", "version": "4.2.4-7ubuntu12.1", "modified": "2018-03-22T23:19:37.463394", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2012-3570", "summary": "Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) 
via a crafted client identifier parameter.", "cvss": "5.7", "published": "2012-07-25T10:42:35", "modified": "2016-11-28T19:08:17", "published-epoch": "1343212955", "modified-epoch": "1480360097", "cwe": "CWE-119", "cvss_access_vector": "ADJACENT_NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-07-25T14:19:00", "cvss_created-epoch": "1343225940", "cvss2_vector": "AV:A/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2012-3571", "summary": "ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.", "cvss": "6.1", "published": "2012-07-25T10:42:35", "modified": "2016-12-31T02:59:00", "published-epoch": "1343212955", "modified-epoch": "1483153140", "cwe": "CWE-119", "cvss_access_vector": "ADJACENT_NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-07-25T14:26:00", "cvss_created-epoch": "1343226360", "cvss2_vector": "AV:A/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2012-3954", "summary": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of 
service (memory consumption) by sending many requests.", "cvss": "3.3", "published": "2012-07-25T10:42:35", "modified": "2016-11-28T19:08:19", "published-epoch": "1343212955", "modified-epoch": "1480360099", "cwe": "CWE-399", "cvss_access_vector": "ADJACENT_NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-07-25T14:58:00", "cvss_created-epoch": "1343228280", "cvss2_vector": "AV:A/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2011-0997", "summary": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.", "cvss": "7.5", "published": "2011-04-08T15:17:27", "modified": "2017-09-19T01:32:17", "published-epoch": "1302275847", "modified-epoch": "1505784737", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-04-08T16:36:00", "cvss_created-epoch": "1302280560", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-3616", "summary": "ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service 
(communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.", "cvss": "5.0", "published": "2010-12-17T19:00:20", "modified": "2011-01-19T07:00:38", "published-epoch": "1292612420", "modified-epoch": "1295420438", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-12-20T14:34:00", "cvss_created-epoch": "1292855640", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2009-1892", "summary": "dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.", "cvss": "5.0", "published": "2009-07-17T16:30:00", "modified": "2017-08-17T01:30:33", "published-epoch": "1247848200", "modified-epoch": "1502933433", "cwe": "CWE-16", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-07-17T16:42:00", "cvss_created-epoch": "1247848920", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-0413", "summary": "The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message 
over IPv6 for a declined and abandoned address.", "cvss": "7.8", "published": "2011-01-31T21:00:18", "modified": "2017-08-17T01:33:29", "published-epoch": "1296507618", "modified-epoch": "1502933609", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-02-01T18:35:00", "cvss_created-epoch": "1296585300", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2009-1893", "summary": "The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the \"dhcpd -t\" command.", "cvss": "6.9", "published": "2009-07-17T16:30:00", "modified": "2017-09-29T01:34:38", "published-epoch": "1247848200", "modified-epoch": "1506648878", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-07-17T17:09:00", "cvss_created-epoch": "1247850540", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-2749", "summary": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.", "cvss": "7.8", "published": "2011-08-15T21:55:02", "modified": "2016-12-31T02:59:00", "published-epoch": "1313445302", "modified-epoch": "1483153140", 
"cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-08-16T18:43:00", "cvss_created-epoch": "1313520180", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-4539", "summary": "dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.", "cvss": "5.0", "published": "2011-12-08T11:55:02", "modified": "2017-08-29T01:30:30", "published-epoch": "1323345302", "modified-epoch": "1503970230", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-12-08T22:40:00", "cvss_created-epoch": "1323384000", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-4868", "summary": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.", "cvss": "6.1", "published": "2012-01-15T03:55:12", "modified": "2016-12-03T02:59:51", "published-epoch": "1326599712", "modified-epoch": "1480733991", "cwe": "CWE-399", "cvss_access_vector": "ADJACENT_NETWORK", "cvss_access_complexity": "LOW", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-16T18:21:00", "cvss_created-epoch": "1326738060", "cvss2_vector": "AV:A/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2009-0692", "summary": "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.", "cvss": "10.0", "published": "2009-07-14T20:30:00", "modified": "2017-09-29T01:33:58", "published-epoch": "1247603400", "modified-epoch": "1506648838", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-07-15T11:37:00", "cvss_created-epoch": "1247657820", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-3611", "summary": "ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.", "cvss": "4.3", "published": "2010-11-04T18:00:02", "modified": "2017-08-17T01:33:00", "published-epoch": "1288893602", "modified-epoch": "1502933580", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", 
"cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-11-05T13:35:00", "cvss_created-epoch": "1288964100", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2012-3955", "summary": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.", "cvss": "7.1", "published": "2012-09-14T10:33:21", "modified": "2013-08-22T03:57:27", "published-epoch": "1347618801", "modified-epoch": "1377143847", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-09-14T13:29:00", "cvss_created-epoch": "1347629340", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-2156", "summary": "ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.", "cvss": "5.0", "published": "2010-06-07T17:13:07", "modified": "2017-08-17T01:32:38", "published-epoch": "1275930787", "modified-epoch": "1502933558", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-06-08T15:20:00", "cvss_created-epoch": "1276010400", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": 
false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-2748", "summary": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.", "cvss": "7.8", "published": "2011-08-15T21:55:02", "modified": "2017-08-29T01:29:32", "published-epoch": "1313445302", "modified-epoch": "1503970172", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-08-16T16:07:00", "cvss_created-epoch": "1313510820", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["protocol", "server"], "homepage": "https://www.isc.org/software/dhcp", "upstream-source": "https://ftp.isc.org/isc/dhcp/4.4.1/dhcp-4.4.1.tar.gz", "latest-version": "4.4.1", "short_version": "4.2.4-7ubuntu12.1", "latest_cmp": false, "url": "https://ftp.isc.org/isc/dhcp/4.4.1/dhcp-4.4.1.tar.gz", "codetype": "Native", "coverity_scan": {"name": "ISC-DHCP", "language": "C/C++", "id": 93, "homepage_url": "http://www.isc.org", "details": {"loc": 313652, "defect_density": {"comparison": 0.5, "over_time": [{"2017-05-01": 0.13, "2018-01-01": 0.12, "2016-12-01": 0.13, "2017-11-01": 0.12, "2017-04-01": 0.13, "2017-10-01": 0.13, "2017-06-01": 0.13, "2018-02-01": 0.12, "2017-02-01": 0.13, "2016-04-01": 0.16, "2017-08-01": 0.13, "2017-01-01": 0.13, "2017-07-01": 0.13, "2018-03-01": 0.12, "2016-11-01": 0.13, "2017-12-01": 0.14, "2017-03-01": 0.13, "2016-03-01": 0.16, "2017-09-01": 0.13, "2016-09-01": 0.16, "2016-10-01": 0.23}], "score": 0.12, "verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2018-03-19", "project_url": "https://scan.coverity.com/projects/isc-dhcp", 
"version": "", "cwe": [{"name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "defect_count": 10, "id": 120, "rank": 3, "uri": "http://cwe.mitre.org/top25/#CWE-120"}, {"name": "Use of Potentially Dangerous Function", "defect_count": 17, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": "N/A", "slug": "isc-dhcp", "mapped-name": "dhcp"}}, {"extended-objects": [{"confidence": 0.22807017543859648, "sha1": "98c174a66e4fb99aa2e4c34a52ab83f434a680e2", "name": "diff3", "timestamp": 1382361808, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/diff3"], "type": "native", "source-match": "sdiff"}, {"confidence": 0.9411764705882353, "sha1": "907ea004a7830cc53fe53db52c26b16fdf17d5ee", "name": "diff", "timestamp": 1382361808, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/diff"], "type": "native"}, {"confidence": 1.0, "sha1": "e0ed1c22824f430c6f82baaeb71fc7422ca2cf33", "name": "sdiff", "timestamp": 1382361808, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/sdiff"], "type": "native", "source-match": "sdiff"}], "objects": ["diff3", "diff", "sdiff"], "version": "3.3-1", "lib": "diffutils", "distro_version": "3.3-1", "distro": "ubuntu", "latest_version": "3.6", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["utility"], "homepage": "https://www.gnu.org/s/diffutils/", "upstream-source": "https://ftp.gnu.org/gnu/diffutils/diffutils-3.6.tar.xz", "latest-version": "3.6", "short_version": "3.3-1", "latest_cmp": 
false, "url": "https://ftp.gnu.org/gnu/diffutils/diffutils-3.6.tar.xz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.2948837209302326, "sha1": "4655c2c53c01d3e8032dab36231acf8d3447bb1f", "name": "dpkg-divert", "timestamp": 1428594666, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/dpkg-divert"], "type": "native"}, {"confidence": 0.9451162790697675, "sha1": "f97bf039623dd55546ffa4ed545b83b3070d2276", "name": "dpkg", "timestamp": 1428594666, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/dpkg"], "type": "native"}, {"confidence": 0.29674418604651165, "sha1": "eaec5f9b88a273500bc3df41fbe71fe6b8a9328b", "name": "dpkg-query", "timestamp": 1428594666, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/dpkg-query"], "type": "native"}], "objects": ["dpkg-divert", "dpkg", "dpkg-query"], "version": "1.17.5ubuntu5.4", "lib": "dpkg", "distro_version": "1.17.5ubuntu5.4", "distro": "ubuntu", "cpe": ["cpe:/a:debian:dpkg:1.17.5ubuntu5.4"], "latest_version": "1.19.0.5", "vuln-count": {"total": 11, "exact": 1, "historical": 10}, "vulns": [{"vuln": {"cve": "CVE-2014-8625", "summary": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.", "cvss": "6.8", "published": "2015-01-20T15:59:01", "modified": "2017-09-08T01:29:25", 
"published-epoch": "1421769541", "modified-epoch": "1504834165", "cwe": "CWE-134", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-01-21T17:48:12", "cvss_created-epoch": "1421862492", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true}, {"vuln": {"cve": "CVE-2017-8283", "summary": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.", "cvss": "7.5", "published": "2017-04-26T05:59:00", "modified": "2017-05-10T17:46:51", "published-epoch": "1493186340", "modified-epoch": "1494438411", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-09T16:08:04", "cvss_created-epoch": "1494346084", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3127", "summary": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. 
NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.", "cvss": "7.1", "published": "2014-05-14T00:55:10", "modified": "2014-06-05T04:31:40", "published-epoch": "1400028910", "modified-epoch": "1401942700", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-05-14T23:25:25", "cvss_created-epoch": "1400109925", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-0860", "summary": "Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an \"old-style\" Debian binary package, which triggers a stack-based buffer overflow.", "cvss": "7.5", "published": "2015-12-03T20:59:01", "modified": "2017-07-01T01:29:13", "published-epoch": "1449176341", "modified-epoch": "1498872553", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-12-04T15:19:52", "cvss_created-epoch": "1449242392", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0402", "summary": "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.", "cvss": "6.8", "published": "2011-01-11T03:00:05", "modified": "2017-08-17T01:33:28", 
"published-epoch": "1294714805", "modified-epoch": "1502933608", "cwe": "CWE-59", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-11T20:12:00", "cvss_created-epoch": "1294776720", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-0471", "summary": "Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to \"C-style filename quoting.\"", "cvss": "5.0", "published": "2014-04-30T14:22:06", "modified": "2015-10-16T14:53:06", "published-epoch": "1398867726", "modified-epoch": "1445007186", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-10-16T14:43:36", "cvss_created-epoch": "1445006616", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-0840", "summary": "The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).", "cvss": "4.3", "published": "2015-04-13T14:59:01", "modified": "2017-01-03T02:59:43", "published-epoch": "1428937141", "modified-epoch": "1483412383", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", 
"cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-04-14T12:51:27", "cvss_created-epoch": "1429015887", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1679", "summary": "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.", "cvss": "6.8", "published": "2011-01-11T03:00:01", "modified": "2017-08-17T01:32:27", "published-epoch": "1294714801", "modified-epoch": "1502933547", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-11T15:09:00", "cvss_created-epoch": "1294758540", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-2768", "summary": "dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.", "cvss": "7.2", "published": "2010-06-08T18:30:07", "modified": "2017-08-17T01:29:01", "published-epoch": "1276021807", "modified-epoch": "1502933341", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-06-09T13:04:00", "cvss_created-epoch": "1276088640", "cvss2_vector": 
"AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3227", "summary": "dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the \"C-style encoded filenames\" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.", "cvss": "6.4", "published": "2014-05-30T18:55:05", "modified": "2014-06-24T15:55:07", "published-epoch": "1401476105", "modified-epoch": "1403625307", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-06-02T14:00:46", "cvss_created-epoch": "1401717646", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0396", "summary": "Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.", "cvss": "5.8", "published": "2010-03-15T13:28:25", "modified": "2017-08-17T01:31:59", "published-epoch": "1268659705", "modified-epoch": "1502933519", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-15T18:10:00", "cvss_created-epoch": "1268676600", 
"cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["system"], "homepage": "https://wiki.debian.org/Teams/Dpkg", "upstream-source": "https://dl.bintray.com/homebrew/mirror/dpkg-1.19.0.5.tar.xz", "latest-version": "1.19.0.5", "short_version": "1.17.5ubuntu5.4", "latest_cmp": false, "url": "https://dl.bintray.com/homebrew/mirror/dpkg-1.19.0.5.tar.xz", "codetype": "Native", "coverity_scan": {"name": "guillemj/dpkg", "language": "C/C++", "id": 2083, "homepage_url": "https://wiki.debian.org/Teams/Dpkg", "details": {"loc": 110422, "defect_density": {"comparison": 0.5, "over_time": [{"2017-05-01": 0.0, "2016-05-01": 0.02, "2016-04-01": 0.01, "2016-07-01": 0.02, "2016-08-01": 0.0}], "score": 0.0, "verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2017-05-20", "project_url": "https://scan.coverity.com/projects/guillemj-dpkg", "version": "03a8169", "cwe": []}, "repo_url": "https://github.com/guillemj/dpkg.git", "slug": "guillemj-dpkg", "mapped-name": "dpkg"}}, {"extended-objects": [{"confidence": 0.8757396449704142, "sha1": "bd1b27fd34b779a8df2b10f5c7bc13f28fcc8a47", "name": "libext2fs.so.2.4", "timestamp": 1424114748, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libext2fs.so.2.4"], "type": "native"}], "objects": ["libext2fs.so.2.4"], "version": "1.42.9-3ubuntu1.2", "lib": "e2fsprogs", "distro_version": "1.42.9-3ubuntu1.2", "distro": "ubuntu", "cpe": ["cpe:/a:e2fsprogs_project:e2fsprogs:1.42.9-3ubuntu1.2"], "latest_version": "1.44.0", "vuln-count": {"total": 3, "exact": 0, "historical": 3}, "vulns": [{"vuln": {"cve": "CVE-2015-0247", "summary": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", 
"cvss": "4.6", "published": "2015-02-17T15:59:02", "modified": "2017-11-08T02:29:01", "published-epoch": "1424188742", "modified-epoch": "1510108141", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-09-10T01:46:35", "cvss_created-epoch": "1441849595", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-1572", "summary": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", "cvss": "4.6", "published": "2015-02-24T15:59:05", "modified": "2017-11-08T02:29:01", "published-epoch": "1424793545", "modified-epoch": "1510108141", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-02-27T18:45:40", "cvss_created-epoch": "1425062740", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2007-5497", "summary": "Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.", "cvss": "5.8", "published": "2007-12-07T11:46:00", "modified": "2017-09-29T01:29:38", "published-epoch": "1197027960", "modified-epoch": "1506648578", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-12-07T14:52:00", "cvss_created-epoch": "1197039120", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["utility"], "homepage": "https://e2fsprogs.sourceforge.io/", "upstream-source": "https://downloads.sourceforge.net/project/e2fsprogs/e2fsprogs/v1.44.0/e2fsprogs-1.44.0.tar.gz", "latest-version": "1.44.0", "short_version": "1.42.9-3ubuntu1.2", "latest_cmp": false, "url": 
"https://downloads.sourceforge.net/project/e2fsprogs/e2fsprogs/v1.44.0/e2fsprogs-1.44.0.tar.gz", "codetype": "Native", "coverity_scan": {"name": "e2fsprogs", "language": "C/C++", "id": 48, "homepage_url": "http://e2fsprogs.sourceforge.net/", "details": {"loc": 122352, "defect_density": {"comparison": 0.5, "over_time": [{"2017-05-01": 0.38, "2018-01-01": 0.37, "2016-08-01": 0.48, "2017-04-01": 0.37, "2016-05-01": 0.39, "2017-10-01": 5.54, "2016-06-01": 0.37, "2017-06-01": 0.38, "2018-02-01": 0.37, "2017-02-01": 0.37, "2016-04-01": 0.36, "2017-08-01": 0.37, "2017-01-01": 0.46, "2017-07-01": 0.38, "2016-11-01": 0.46, "2017-12-01": 0.37, "2017-03-01": 0.37, "2016-10-01": 0.46, "2017-09-01": 0.37, "2016-09-01": 0.46, "2016-03-01": 0.37}], "score": 0.37, "verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2018-02-09", "project_url": "https://scan.coverity.com/projects/e2fsprogs", "version": "v1.43.9-92-g604075a", "cwe": [{"name": "Use of Potentially Dangerous Function", "defect_count": 5, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": "git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git", "slug": "e2fsprogs", "mapped-name": "e2fsprogs"}}, {"extended-objects": [{"confidence": 0.9545454545454546, "sha1": "0863dad1b12c08a1c8ba7fe9ca8d8ac3f2401419", "name": "libexpatw.so.1.6.0", "timestamp": 1386078606, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libexpatw.so.1.6.0"], "type": "native"}, {"confidence": 0.9772727272727273, "sha1": "45d70cdf93d873288ebb5bb53c818c367becb16d", "name": "libexpat.so.1.6.0", "timestamp": 1386078606, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libexpat.so.1.6.0"], "type": "native"}], "objects": 
["libexpatw.so.1.6.0", "libexpat.so.1.6.0"], "version": "2.1.0-4ubuntu1", "lib": "expat", "distro_version": "2.1.0-4ubuntu1", "distro": "ubuntu", "cpe": ["cpe:/a:libexpat:expat:2.1.0-4ubuntu1"], "latest_version": "2.2.5", "vuln-count": {"total": 11, "exact": 3, "historical": 8}, "vulns": [{"vuln": {"cve": "CVE-2012-6702", "summary": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", "cvss": "4.3", "published": "2016-06-16T18:59:00", "modified": "2017-11-03T01:29:00", "published-epoch": "1466103540", "modified-epoch": "1509672540", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-17T21:36:45", "cvss_created-epoch": "1466199405", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 251, "vuln_id": "CVE-2012-6702", "component": "expat", "vendor": null, "codetype": "NA", "version": "2.1.0-4ubuntu1", "modified": "2018-03-22T23:19:37.519085", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2013-0340", "summary": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", "cvss": "6.8", "published": "2014-01-21T18:55:09", "modified": "2017-07-01T01:29:03", "published-epoch": "1390330509", "modified-epoch": "1498872543", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-01-22T20:33:52", "cvss_created-epoch": "1390422832", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "notes": [{"type": "demoted", "reason": "Unsafe default parameters"}], "triage": [{"id": 248, "vuln_id": "CVE-2013-0340", "component": "expat", "vendor": null, "codetype": "NA", "version": "2.1.0-4ubuntu1", "modified": "2018-03-22T23:19:37.497745", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-1283", "summary": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.", "cvss": "6.8", "published": "2015-07-23T00:59:12", "modified": "2017-11-03T01:29:00", "published-epoch": "1437613152", "modified-epoch": "1509672540", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-16T18:27:12", "cvss_created-epoch": "1458152832", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-4472", "summary": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.", "cvss": "6.8", "published": "2016-06-30T17:59:04", "modified": "2017-11-03T01:29:02", "published-epoch": "1467309544", "modified-epoch": "1509672542", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-15T12:10:32", "cvss_created-epoch": "1481803832", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.1"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-0718", "summary": "Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.", "cvss": "7.5", "published": "2016-05-26T16:59:00", "modified": "2018-01-05T02:30:29", "published-epoch": 
"1464281940", "modified-epoch": "1515119429", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-18T19:13:24", "cvss_created-epoch": "1471547604", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 245, "vuln_id": "CVE-2016-0718", "component": "expat", "vendor": null, "codetype": "NA", "version": "2.1.0-4ubuntu1", "modified": "2018-03-22T23:19:37.461742", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-5300", "summary": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", "cvss": "7.8", "published": "2016-06-16T18:59:10", "modified": "2017-11-03T01:29:03", "published-epoch": "1466103550", "modified-epoch": "1509672543", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-18T01:17:18", "cvss_created-epoch": "1466212638", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2009-3560", "summary": "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.", "cvss": "5.0", "published": "2009-12-04T21:30:00", "modified": "2017-09-19T01:29:40", "published-epoch": "1259962200", "modified-epoch": "1505784580", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-12-07T15:36:00", "cvss_created-epoch": "1260200160", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0876", "summary": "The XML parser (xmlparse.c) in expat 
before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.", "cvss": "4.3", "published": "2012-07-03T19:55:02", "modified": "2018-01-05T02:29:28", "published-epoch": "1341345302", "modified-epoch": "1515119368", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T17:02:35", "cvss_created-epoch": "1467133355", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1147", "summary": "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.", "cvss": "4.3", "published": "2012-07-03T19:55:02", "modified": "2017-09-13T01:29:00", "published-epoch": "1341345302", "modified-epoch": "1505266140", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T17:25:59", "cvss_created-epoch": "1459358759", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1148", "summary": "Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding 
entities.", "cvss": "5.0", "published": "2012-07-03T19:55:02", "modified": "2018-01-05T02:29:28", "published-epoch": "1341345302", "modified-epoch": "1515119368", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-01T20:30:39", "cvss_created-epoch": "1464813039", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-3720", "summary": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.", "cvss": "5.0", "published": "2009-11-03T16:30:12", "modified": "2017-09-19T01:29:44", "published-epoch": "1257265812", "modified-epoch": "1505784584", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-11-04T14:31:00", "cvss_created-epoch": "1257345060", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["parser"], "homepage": "https://libexpat.github.io/", "upstream-source": "https://downloads.sourceforge.net/project/expat/expat/2.2.5/expat-2.2.5.tar.bz2", "latest-version": "2.2.5", "short_version": "2.1.0-4ubuntu1", "latest_cmp": false, "url": "https://downloads.sourceforge.net/project/expat/expat/2.2.5/expat-2.2.5.tar.bz2", "codetype": "Native", "coverity_scan": null}, 
{"extended-objects": [{"confidence": 0.9035532994923858, "sha1": "078cda0b30e0dde2dfeed12e0727c7e7cf867e64", "name": "libmagic.so.1.0.0", "timestamp": 1422373794, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libmagic.so.1.0.0"], "type": "native"}], "objects": ["libmagic.so.1.0.0"], "version": "5.14-2ubuntu3.3", "lib": "file", "distro_version": "5.14-2ubuntu3.3", "distro": "ubuntu", "cpe": ["cpe:/a:file_project:file:5.14-2ubuntu3.3", "cpe:/a:christos_zoulas:file:5.14-2ubuntu3.3"], "latest_version": "5.32", "vuln-count": {"total": 24, "exact": 0, "historical": 24}, "vulns": [{"vuln": {"cve": "CVE-2014-0207", "summary": "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.", "cvss": "4.3", "published": "2014-07-09T11:07:01", "modified": "2016-11-28T19:10:28", "published-epoch": "1404904021", "modified-epoch": "1480360228", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-07-09T16:43:22", "cvss_created-epoch": "1404924202", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-2270", "summary": "softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) 
via crafted offsets in the softmagic of a PE executable.", "cvss": "4.3", "published": "2014-03-14T15:55:05", "modified": "2017-07-01T01:29:05", "published-epoch": "1394812505", "modified-epoch": "1498872545", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-03-17T13:29:44", "cvss_created-epoch": "1395062984", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3478", "summary": "Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.", "cvss": "5.0", "published": "2014-07-09T11:07:01", "modified": "2016-11-28T19:11:29", "published-epoch": "1404904021", "modified-epoch": "1480360289", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-07-09T17:02:31", "cvss_created-epoch": "1404925351", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3479", "summary": "The cdf_check_stream_offset function in cdf.c 
in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.", "cvss": "4.3", "published": "2014-07-09T11:07:01", "modified": "2016-11-28T19:11:30", "published-epoch": "1404904021", "modified-epoch": "1480360290", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-07-09T17:26:08", "cvss_created-epoch": "1404926768", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3480", "summary": "The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.", "cvss": "4.3", "published": "2014-07-09T11:07:01", "modified": "2016-11-28T19:11:32", "published-epoch": "1404904021", "modified-epoch": "1480360292", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-07-09T17:28:06", "cvss_created-epoch": "1404926886", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", 
"reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3487", "summary": "The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.", "cvss": "4.3", "published": "2014-07-09T11:07:01", "modified": "2016-11-28T19:11:33", "published-epoch": "1404904021", "modified-epoch": "1480360293", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-07-09T17:28:55", "cvss_created-epoch": "1404926935", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3538", "summary": "file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.", "cvss": "5.0", "published": "2014-07-03T14:55:07", "modified": "2018-01-05T02:29:50", "published-epoch": "1404399307", "modified-epoch": "1515119390", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-07-07T09:52:44", "cvss_created-epoch": "1404726764", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3587", "summary": "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.", "cvss": "4.3", "published": "2014-08-23T01:55:01", "modified": "2018-01-05T02:29:50", "published-epoch": "1408758901", "modified-epoch": "1515119390", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-25T15:18:39", "cvss_created-epoch": "1408979919", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-9620", "summary": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", "cvss": "5.0", "published": "2015-01-21T18:59:05", "modified": "2018-01-05T02:29:56", "published-epoch": "1421866745", "modified-epoch": "1515119396", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-10-21T12:39:33", "cvss_created-epoch": "1445431173", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2013-7345", "summary": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent 
attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.", "cvss": "5.0", "published": "2014-03-24T16:31:08", "modified": "2014-11-19T02:59:11", "published-epoch": "1395678668", "modified-epoch": "1416365951", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-03-24T16:44:20", "cvss_created-epoch": "1395679460", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-9652", "summary": "The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.", "cvss": "5.0", "published": "2015-03-30T10:59:01", "modified": "2017-07-01T01:29:09", "published-epoch": "1427713141", "modified-epoch": "1498872549", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-20T17:04:15", "cvss_created-epoch": "1476983055", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, 
"invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-9653", "summary": "readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.", "cvss": "7.5", "published": "2015-03-30T10:59:03", "modified": "2018-01-05T02:29:57", "published-epoch": "1427713143", "modified-epoch": "1515119397", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-20T17:04:15", "cvss_created-epoch": "1476983055", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-8117", "summary": "softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.", "cvss": "5.0", "published": "2014-12-17T19:59:05", "modified": "2018-01-05T02:29:54", "published-epoch": "1418846345", "modified-epoch": "1515119394", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2016-08-30T16:39:18", "cvss_created-epoch": "1472575158", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2007-2026", "summary": "The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.", "cvss": "7.8", "published": "2007-04-13T18:19:00", "modified": "2011-03-08T02:53:23", "published-epoch": "1176488340", "modified-epoch": "1299552803", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-04-17T17:31:00", "cvss_created-epoch": "1176831060", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-3930", "summary": "Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.", "cvss": "9.3", "published": "2009-11-10T19:30:01", "modified": "2009-11-24T07:04:25", "published-epoch": "1257881401", "modified-epoch": "1259046265", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-11-11T17:24:00", 
"cvss_created-epoch": "1257960240", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1515", "summary": "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.", "cvss": "6.8", "published": "2009-05-04T16:30:00", "modified": "2009-11-13T07:12:14", "published-epoch": "1241454600", "modified-epoch": "1258096334", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-05-05T09:43:00", "cvss_created-epoch": "1241516580", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1571", "summary": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.", "cvss": "4.3", "published": "2012-07-17T21:55:01", "modified": "2014-03-08T04:55:12", "published-epoch": "1342562101", "modified-epoch": "1394254512", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-07-18T13:21:00", "cvss_created-epoch": "1342617660", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": 
"CVE-2003-0102", "summary": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).", "cvss": "4.6", "published": "2003-03-18T05:00:00", "modified": "2016-10-18T02:29:32", "published-epoch": "1047963600", "modified-epoch": "1476757772", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-1304", "summary": "Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.", "cvss": "10.0", "published": "2005-01-10T05:00:00", "modified": "2017-07-11T01:30:54", "published-epoch": "1105333200", "modified-epoch": "1499736654", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-9621", "summary": "The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.", "cvss": "5.0", "published": "2015-01-21T18:59:07", "modified": "2017-07-01T01:29:09", "published-epoch": "1421866747", "modified-epoch": "1498872549", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-11T14:02:50", "cvss_created-epoch": "1439301770", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-2799", "summary": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.", "cvss": "5.1", "published": "2007-05-23T21:30:00", "modified": "2017-10-11T01:32:24", "published-epoch": "1179955800", "modified-epoch": "1507685544", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-05-24T17:19:00", "cvss_created-epoch": "1180027140", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-1000249", "summary": "An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. 
This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).", "cvss": "2.1", "published": "2017-09-11T19:29:00", "modified": "2017-11-08T02:29:02", "published-epoch": "1505158140", "modified-epoch": "1510108142", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-29T15:24:54", "cvss_created-epoch": "1506698694", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "5.5"}, "exact": false}, {"vuln": {"cve": "CVE-2007-1536", "summary": "Integer underflow in the file_printf function in the \"file\" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.", "cvss": "9.3", "published": "2007-03-20T20:19:00", "modified": "2017-10-11T01:31:53", "published-epoch": "1174421940", "modified-epoch": "1507685513", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-03-22T00:03:00", "cvss_created-epoch": "1174521780", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-8116", "summary": "The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.", "cvss": "5.0", "published": "2014-12-17T19:59:02", "modified": "2018-01-05T02:29:54", "published-epoch": "1418846342", "modified-epoch": "1515119394", "cwe": "CWE-399", 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-30T16:28:14", "cvss_created-epoch": "1472574494", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["system"], "homepage": "https://www.darwinsys.com/file/", "upstream-source": "ftp://ftp.astron.com/pub/file/file-5.32.tar.gz", "latest-version": "5.32", "short_version": "5.14-2ubuntu3.3", "latest_cmp": false, "url": "ftp://ftp.astron.com/pub/file/file-5.32.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.939622641509434, "sha1": "730193dfd6963a91ee54284b0f3c83c5e955530c", "name": "oldfind", "timestamp": 1389018466, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/oldfind"], "type": "native"}, {"confidence": 1.0, "sha1": "b1102d19d56de7dba047b56b06b3cfe04284ca23", "name": "find", "timestamp": 1389018466, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/find"], "type": "native"}], "objects": ["oldfind", "find"], "version": "4.4.2-7", "lib": "findutils", "distro_version": "4.4.2-7", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:findutils:4.4.2-7"], "latest_version": "4.6.0", "vuln-count": {"total": 2, "exact": 0, "historical": 2}, "vulns": [{"vuln": {"cve": "CVE-2001-1036", "summary": "GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, 
which causes locate to write to arbitrary process memory.", "cvss": "7.2", "published": "2001-08-31T04:00:00", "modified": "2017-10-10T01:29:58", "published-epoch": "999230400", "modified-epoch": "1507598998", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-2452", "summary": "Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.", "cvss": "6.0", "published": "2007-06-04T16:30:00", "modified": "2017-07-29T01:31:28", "published-epoch": "1180974600", "modified-epoch": "1501291888", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-06-05T12:06:00", "cvss_created-epoch": "1181045160", "cvss2_vector": "AV:N/AC:M/Au:S:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["utility"], "homepage": "https://www.gnu.org/software/findutils/", "upstream-source": "https://ftp.gnu.org/gnu/findutils/findutils-4.6.0.tar.gz", "latest-version": "4.6.0", "short_version": "4.4.2-7", "latest_cmp": false, "url": "https://ftp.gnu.org/gnu/findutils/findutils-4.6.0.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 
0.9523809523809523, "sha1": "03404af701eb5545790548b85caeb0d6ab527ab4", "name": "libgdbm.so.3.0.0", "timestamp": 1375440123, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libgdbm.so.3.0.0"], "type": "native"}], "objects": ["libgdbm.so.3.0.0"], "version": "1.8.3-12build1", "lib": "gdbm", "distro_version": "1.8.3-12build1", "distro": "ubuntu", "latest_version": "1.14.1", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["database"], "homepage": "https://www.gnu.org/software/gdbm/", "upstream-source": "https://ftp.gnu.org/gnu/gdbm/gdbm-1.14.1.tar.gz", "latest-version": "1.14.1", "short_version": "1.8.3-12build1", "latest_cmp": false, "url": "https://ftp.gnu.org/gnu/gdbm/gdbm-1.14.1.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.25, "sha1": "1f18479f19ee690de8aab335fafd244c8aa6f17c", "name": "libc-2.19.so", "timestamp": 1424883411, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libc-2.19.so"], "type": "native"}, {"confidence": 0.25, "sha1": "c14e099f6aa41218354fbeb078b703f0e65b7b86", "name": "ldconfig.real", "timestamp": 1424883452, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/ldconfig.real"], "type": "native"}], "objects": ["libc-2.19.so", "ldconfig.real"], "version": null, "lib": "gettext", "distro_version": null, "distro": "ubuntu", "cpe": ["cpe:/a:gnu:gettext:"], "latest_version": "0.19.8.1", "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2004-0966", "summary": "The (1) autopoint and (2) 
gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.", "cvss": "2.1", "published": "2005-02-09T05:00:00", "modified": "2017-07-11T01:30:37", "published-epoch": "1107925200", "modified-epoch": "1499736637", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["translation"], "homepage": "https://www.gnu.org/software/gettext/", "upstream-source": "https://ftp.gnu.org/gnu/gettext/gettext-0.19.8.1.tar.xz", "latest-version": "0.19.8.1", "short_version": "", "latest_cmp": null, "url": "https://ftp.gnu.org/gnu/gettext/gettext-0.19.8.1.tar.xz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.3046387154326494, "sha1": "aafed39e4021ddd7c2c5a9934a9554f75649d83d", "name": "git-http-backend", "timestamp": 1421178461, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-http-backend"], "type": "native"}, {"confidence": 0.31400535236396077, "sha1": "84906cd06d64ff65ec93672022a9b94c091c2d5d", "name": "git-remote-http", "timestamp": 1421178462, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-remote-http"], "type": 
"native"}, {"confidence": 0.31289027653880463, "sha1": "7f3bcee4172ca8a11c0dfc9ece0a13b512b76e9d", "name": "git-upload-pack", "timestamp": 1421178460, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/bin/git-upload-pack"], "type": "native"}, {"confidence": 0.30575379125780555, "sha1": "62058b4502b41a37ce93bb400d99b3392f21a7d9", "name": "git-credential-store", "timestamp": 1421178461, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-credential-store"], "type": "native"}, {"confidence": 0.30575379125780555, "sha1": "b661e0a5001838abcb5d5cc8c02f21b6acf20cb9", "name": "git-credential-cache--daemon", "timestamp": 1421178461, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-credential-cache--daemon"], "type": "native"}, {"confidence": 0.3050847457627119, "sha1": "b6b8aeb4ab18e9ff93b5e2396f012df680974276", "name": "git-shell", "timestamp": 1421178462, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-shell"], "type": "native"}, {"confidence": 0.30419268510258696, "sha1": "ddb97b0d258b76d55f2d7418f61d26e92a9f2f43", "name": "git-show-index", "timestamp": 1421178462, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", 
"usr/lib/git-core/git-show-index"], "type": "native"}, {"confidence": 0.30396966993755575, "sha1": "be70e5bb2fde4edd2e5a1c90b82efecf68a2d453", "name": "git-remote-testsvn", "timestamp": 1421178462, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-remote-testsvn"], "type": "native"}, {"confidence": 0.30374665477252455, "sha1": "b35cbcbdb446c38a287ab16e3085db8922aa8365", "name": "git-sh-i18n--envsubst", "timestamp": 1421178462, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-sh-i18n--envsubst"], "type": "native"}, {"confidence": 0.3068688670829616, "sha1": "4a1c62b5eed34f76540c01a47a311c1691bd826b", "name": "git-fast-import", "timestamp": 1421178461, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-fast-import"], "type": "native"}, {"confidence": 0.9803746654772525, "sha1": "0ed05c6ca9168bae9511c90ba6770c44ed99d30c", "name": "git", "timestamp": 1421178460, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/bin/git"], "type": "native"}, {"confidence": 0.30597680642283676, "sha1": "23ca1eaafdd62849884efbb8e7567406cdc7ab82", "name": "git-http-fetch", "timestamp": 1421178461, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", 
"usr/lib/git-core/git-http-fetch"], "type": "native"}, {"confidence": 0.3090990187332739, "sha1": "c1430b75d899698d3d223f9705b438b6499e52e7", "name": "git-daemon", "timestamp": 1421178461, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-daemon"], "type": "native"}, {"confidence": 0.9803746654772525, "sha1": "0ed05c6ca9168bae9511c90ba6770c44ed99d30c", "name": "git", "timestamp": 1421178462, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git"], "type": "native"}, {"confidence": 0.3050847457627119, "sha1": "b6b8aeb4ab18e9ff93b5e2396f012df680974276", "name": "git-shell", "timestamp": 1421178460, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/bin/git-shell"], "type": "native"}, {"confidence": 0.31289027653880463, "sha1": "7f3bcee4172ca8a11c0dfc9ece0a13b512b76e9d", "name": "git-upload-pack", "timestamp": 1421178462, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-upload-pack"], "type": "native"}, {"confidence": 0.30374665477252455, "sha1": "cc65509b7debefe9233371f9fc9f6ad85757c0a1", "name": "git-credential-cache", "timestamp": 1421178461, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-credential-cache"], "type": 
"native"}, {"confidence": 0.3070918822479929, "sha1": "385a90a1ce27ba6321d4969a81d2a65a8753cf1e", "name": "git-http-push", "timestamp": 1421178461, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-http-push"], "type": "native"}, {"confidence": 0.3048617305976806, "sha1": "1068ff8f0c9345ce2979da8297aa418a7834e4c3", "name": "git-imap-send", "timestamp": 1421178461, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/git-core/git-imap-send"], "type": "native"}], "objects": ["git-http-backend", "git-remote-http", "git-upload-pack", "git-credential-store", "git-credential-cache--daemon", "git-shell", "git-show-index", "git-remote-testsvn", "git-sh-i18n--envsubst", "git-fast-import", "git", "git-http-fetch", "git-daemon", "git", "git-shell", "git-upload-pack", "git-credential-cache", "git-http-push", "git-imap-send"], "version": "1.9.1-1ubuntu0.1", "lib": "git", "distro_version": "1.9.1-1ubuntu0.1", "distro": "ubuntu", "cpe": ["cpe:/a:git-scm:git:1.9.1-1ubuntu0.1", "cpe:/a:jenkins:git:1.9.1-1ubuntu0.1", "cpe:/a:git_project:git:1.9.1-1ubuntu0.1"], "latest_version": "2.16.3", "vuln-count": {"total": 18, "exact": 7, "historical": 11}, "vulns": [{"vuln": {"cve": "CVE-2014-9938", "summary": "contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.", "cvss": "6.8", "published": "2017-03-20T00:59:00", "modified": "2018-01-05T02:29:58", "published-epoch": "1489971540", "modified-epoch": "1515119398", "cwe": "CWE-116", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-21T15:57:32", "cvss_created-epoch": "1490111852", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": true, "triage": [{"id": 281, "vuln_id": "CVE-2014-9938", "component": "git", "vendor": null, "codetype": "NA", "version": "1.9.1-1ubuntu0.1", "modified": "2018-03-22T23:20:42.980126", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-7082", "summary": "Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.", "cvss": "10.0", "published": "2015-12-11T11:59:47", "modified": "2016-12-07T18:22:28", "published-epoch": "1449835187", "modified-epoch": "1481134948", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-12-11T17:26:34", "cvss_created-epoch": "1449854794", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 267, "vuln_id": "CVE-2015-7082", "component": "git", "vendor": null, "codetype": "NA", "version": "1.9.1-1ubuntu0.1", "modified": "2018-03-22T23:20:42.867539", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-7545", 
"summary": "The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.", "cvss": "7.5", "published": "2016-04-13T15:59:01", "modified": "2017-11-04T01:29:09", "published-epoch": "1460563141", "modified-epoch": "1509758949", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-09T16:52:37", "cvss_created-epoch": "1465491157", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 273, "vuln_id": "CVE-2015-7545", "component": "git", "vendor": null, "codetype": "NA", "version": "1.9.1-1ubuntu0.1", "modified": "2018-03-22T23:20:42.907431", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-2324", "summary": "Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.", "cvss": "10.0", "published": "2016-04-08T14:59:02", "modified": "2017-09-07T01:29:02", "published-epoch": "1460127542", "modified-epoch": "1504747742", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-03T20:48:35", "cvss_created-epoch": "1464986915", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 264, "vuln_id": "CVE-2016-2324", "component": "git", "vendor": null, "codetype": "NA", "version": "1.9.1-1ubuntu0.1", "modified": "2018-03-22T23:20:42.840377", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-1000117", "summary": "A malicious third-party can give a crafted \"ssh://...\" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running \"git clone --recurse-submodules\" to trigger the vulnerability.", "cvss": "6.8", "published": "2017-10-05T01:29:04", "modified": "2018-01-05T02:31:25", "published-epoch": "1507166944", "modified-epoch": "1515119485", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-18T20:18:42", "cvss_created-epoch": "1508357922", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": true, "triage": [{"id": 279, "vuln_id": "CVE-2017-1000117", "component": "git", "vendor": null, "codetype": "NA", "version": "1.9.1-1ubuntu0.1", "modified": "2018-03-22T23:20:42.952515", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": 
"bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-14867", "summary": "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.", "cvss": "9.0", "published": "2017-09-29T01:34:50", "modified": "2017-10-11T18:00:43", "published-epoch": "1506648890", "modified-epoch": "1507744843", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-11T17:39:52", "cvss_created-epoch": "1507743592", "cvss2_vector": "AV:N/AC:L/Au:S:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": true, "triage": [{"id": 270, "vuln_id": "CVE-2017-14867", "component": "git", "vendor": null, "codetype": "NA", "version": "1.9.1-1ubuntu0.1", "modified": "2018-03-22T23:20:42.886766", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-1000021", "summary": "GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. 
This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).", "cvss": "6.8", "published": "2018-02-09T23:29:00", "modified": "2018-03-06T19:34:00", "published-epoch": "1518218940", "modified-epoch": "1520364840", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-09T23:29:00", "cvss_created-epoch": "1518218940", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": true, "triage": [{"id": 276, "vuln_id": "CVE-2018-1000021", "component": "git", "vendor": null, "codetype": "NA", "version": "1.9.1-1ubuntu0.1", "modified": "2018-03-22T23:20:42.928177", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2010-2542", "summary": "Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.", "cvss": "7.5", "published": "2010-08-11T18:47:50", "modified": "2011-03-01T07:03:49", "published-epoch": "1281552470", "modified-epoch": "1298963029", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-08-12T19:34:00", "cvss_created-epoch": "1281641640", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": 
false}, {"vuln": {"cve": "CVE-2017-15298", "summary": "Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.", "cvss": "4.3", "published": "2017-10-14T22:29:00", "modified": "2017-11-07T15:51:09", "published-epoch": "1508020140", "modified-epoch": "1510069869", "cwe": "CWE-400", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-02T16:43:46", "cvss_created-epoch": "1509641026", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": false}, {"vuln": {"cve": "CVE-2016-2315", "summary": "revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.", "cvss": "10.0", "published": "2016-04-08T14:59:01", "modified": "2016-12-03T03:24:57", "published-epoch": "1460127541", "modified-epoch": "1480735497", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-03T20:48:56", "cvss_created-epoch": "1464986936", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2008-3546", "summary": 
"Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.", "cvss": "7.5", "published": "2008-08-07T21:41:00", "modified": "2017-08-08T01:31:58", "published-epoch": "1218145260", "modified-epoch": "1502155918", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-08-08T14:31:00", "cvss_created-epoch": "1218205860", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-2108", "summary": "git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.", "cvss": "5.0", "published": "2009-06-18T18:30:00", "modified": "2017-08-17T01:30:39", "published-epoch": "1245349800", "modified-epoch": "1502933439", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-06-19T10:32:00", "cvss_created-epoch": "1245407520", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-0308", "summary": "The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL 
servers via an arbitrary valid certificate.", "cvss": "4.3", "published": "2013-03-08T21:55:03", "modified": "2017-08-29T01:33:01", "published-epoch": "1362779703", "modified-epoch": "1503970381", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-03-22T19:54:00", "cvss_created-epoch": "1363982040", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-0477", "summary": "Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.", "cvss": "7.5", "published": "2006-01-31T11:03:00", "modified": "2017-07-20T01:29:47", "published-epoch": "1138705380", "modified-epoch": "1500514187", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-01-31T14:06:00", "cvss_created-epoch": "1138716360", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-5916", "summary": "gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.", "cvss": "4.6", "published": "2009-01-21T02:30:00", "modified": "2017-08-08T01:33:36", "published-epoch": "1232505000", "modified-epoch": "1502156016", "cwe": "CWE-264", "cvss_access_vector": 
"LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-01-21T16:17:00", "cvss_created-epoch": "1232554620", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-3906", "summary": "Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.", "cvss": "4.3", "published": "2010-12-17T19:00:20", "modified": "2011-03-01T07:06:40", "published-epoch": "1292612420", "modified-epoch": "1298963200", "cwe": "CWE-79", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-12-20T14:46:00", "cvss_created-epoch": "1292856360", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-5517", "summary": "The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.", "cvss": "7.5", "published": "2009-01-13T17:00:01", "modified": "2011-06-06T04:00:00", "published-epoch": "1231866001", "modified-epoch": "1307332800", "cwe": "CWE-94", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-01-13T19:09:00", "cvss_created-epoch": "1231873740", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", 
"cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-5516", "summary": "The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.", "cvss": "7.5", "published": "2009-01-20T16:30:00", "modified": "2011-06-06T04:00:00", "published-epoch": "1232469000", "modified-epoch": "1307332800", "cwe": "CWE-78", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-01-20T19:08:00", "cvss_created-epoch": "1232478480", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["client", "protocol"], "homepage": "https://git-scm.com", "upstream-source": "https://www.kernel.org/pub/software/scm/git/git-2.16.3.tar.xz", "latest-version": "2.16.3", "short_version": "1.9.1-1ubuntu0.1", "latest_cmp": false, "url": "https://www.kernel.org/pub/software/scm/git/git-2.16.3.tar.xz", "codetype": "Native", "coverity_scan": {"name": "git", "language": "C/C++", "id": 70, "homepage_url": "http://git-scm.com/", "details": {"loc": 220747, "defect_density": {"comparison": 0.5, "over_time": [{"2017-05-01": 1.42, "2016-07-01": 1.55, "2016-12-01": 1.64, "2016-08-01": 1.55, "2017-04-01": 1.51, "2016-05-01": 1.52, "2017-10-01": 1.38, "2016-06-01": 1.54, "2017-06-01": 1.37, "2017-11-01": 1.38, "2017-02-01": 0.46, "2016-04-01": 1.49, "2017-08-01": 1.36, "2017-01-01": 1.64, "2017-07-01": 1.35, "2016-11-01": 1.61, "2017-03-01": 4.0, "2016-10-01": 1.66, "2017-09-01": 1.4, "2016-09-01": 1.5, "2016-03-01": 1.52}], "score": 1.37, "verdict": "high", "loc_range": "100,000 to 499,999"}, "build_date": "2017-11-20", "project_url": "https://scan.coverity.com/projects/git", "version": "v2.15.0-493-g4de5c2c676", "cwe": 
[{"name": "Integer Overflow or Wraparound", "defect_count": 1, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}, {"name": "Use of Potentially Dangerous Function", "defect_count": 1, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": "http://git.kernel.org/pub/scm/git/git.git", "slug": "git", "mapped-name": "git"}}, {"extended-objects": [{"confidence": 0.9725490196078431, "sha1": "1f18479f19ee690de8aab335fafd244c8aa6f17c", "name": "libc-2.19.so", "timestamp": 1424883411, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libc-2.19.so"], "type": "native"}], "objects": ["libc-2.19.so"], "version": "2.19-0ubuntu6.6", "lib": "glibc", "distro_version": "2.19-0ubuntu6.6", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 97, "exact": 28, "historical": 69}, "vulns": [{"vuln": {"cve": "CVE-2015-7547", "summary": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.", "cvss": "6.8", "published": "2016-02-18T21:59:00", "modified": "2018-01-18T18:18:02", "published-epoch": "1455832740", "modified-epoch": "1516299482", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-05T14:21:55", "cvss_created-epoch": "1470406915", 
"cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.1"}, "exact": true, "triage": [{"id": 213, "vuln_id": "CVE-2015-7547", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.324631", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2013-7423", "summary": "The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.", "cvss": "5.0", "published": "2015-02-24T15:59:00", "modified": "2018-01-05T02:29:45", "published-epoch": "1424793540", "modified-epoch": "1515119385", "cwe": "CWE-17", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-13T20:04:45", "cvss_created-epoch": "1513195485", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2017-16997", "summary": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. 
This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.", "cvss": "9.3", "published": "2017-12-18T01:29:00", "modified": "2018-01-05T15:52:06", "published-epoch": "1513560540", "modified-epoch": "1515167526", "cwe": "CWE-426", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-01-04T16:15:50", "cvss_created-epoch": "1515082550", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 200, "vuln_id": "CVE-2017-16997", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:37.982122", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-6323", "summary": "The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.", "cvss": "5.0", "published": "2016-10-07T14:59:06", "modified": "2017-07-01T01:30:00", "published-epoch": "1475852346", "modified-epoch": "1498872600", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", 
"cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-07T15:37:53", "cvss_created-epoch": "1475854673", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 218, "vuln_id": "CVE-2016-6323", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.434903", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-10228", "summary": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", "cvss": "4.3", "published": "2017-03-02T01:59:00", "modified": "2017-03-04T02:59:00", "published-epoch": "1488419940", "modified-epoch": "1488596340", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-02T15:26:10", "cvss_created-epoch": "1488468370", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 226, "vuln_id": "CVE-2016-10228", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.614688", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": 
"CVE-2018-1000001", "summary": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", "cvss": "7.2", "published": "2018-01-31T14:29:00", "modified": "2018-03-16T01:29:00", "published-epoch": "1517408940", "modified-epoch": "1521163740", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-01-31T14:29:00", "cvss_created-epoch": "1517408940", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 209, "vuln_id": "CVE-2018-1000001", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.240511", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-3075", "summary": "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.", "cvss": "5.0", "published": "2016-06-01T20:59:03", "modified": "2018-01-05T02:30:40", "published-epoch": "1464814743", "modified-epoch": "1515119440", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2016-06-14T14:07:15", "cvss_created-epoch": "1465913235", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 220, "vuln_id": "CVE-2016-3075", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.476603", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-5417", "summary": "Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.", "cvss": "5.0", "published": "2017-02-17T02:59:13", "modified": "2017-02-17T17:31:06", "published-epoch": "1487300353", "modified-epoch": "1487352666", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-17T15:56:51", "cvss_created-epoch": "1487347011", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 217, "vuln_id": "CVE-2016-5417", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.413542", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-3706", "summary": "Stack-based buffer overflow in 
the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.", "cvss": "5.0", "published": "2016-06-10T15:59:03", "modified": "2017-12-08T02:29:00", "published-epoch": "1465574343", "modified-epoch": "1512700140", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-10T17:46:36", "cvss_created-epoch": "1465580796", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 219, "vuln_id": "CVE-2016-3706", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.456035", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-4429", "summary": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", "cvss": "7.5", "published": "2016-06-10T15:59:05", "modified": "2017-12-08T02:29:00", "published-epoch": "1465574345", "modified-epoch": "1512700140", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2016-06-10T17:28:36", "cvss_created-epoch": "1465579716", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 205, "vuln_id": "CVE-2016-4429", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.156223", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-4043", "summary": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", "cvss": "7.5", "published": "2014-10-06T23:55:08", "modified": "2017-08-29T01:34:49", "published-epoch": "1412639708", "modified-epoch": "1503970489", "cwe": "CWE-94", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-05T18:32:41", "cvss_created-epoch": "1459881161", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2017-1000366", "summary": "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. 
Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.", "cvss": "7.2", "published": "2017-06-19T16:29:00", "modified": "2018-01-05T02:31:25", "published-epoch": "1497889740", "modified-epoch": "1515119485", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-01T17:54:08", "cvss_created-epoch": "1501610048", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 210, "vuln_id": "CVE-2017-1000366", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.261519", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-12132", "summary": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", "cvss": "4.3", "published": "2017-08-01T16:29:00", "modified": "2017-08-04T16:00:54", "published-epoch": "1501604940", "modified-epoch": "1501862454", "cwe": "CWE-19", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2017-08-02T14:38:21", "cvss_created-epoch": "1501684701", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 224, "vuln_id": "CVE-2017-12132", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.572549", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-12133", "summary": "The DNS stub resolver in the GNU C Library (glibc) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attackers due to IP fragmentation.", "cvss": "4.3", "published": "2017-09-07T13:29:00", "modified": "2017-09-14T18:03:51", "published-epoch": "1504790940", "modified-epoch": "1505412231", "cwe": "CWE-19", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-13T15:20:50", "cvss_created-epoch": "1505316050", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 223, "vuln_id": "CVE-2017-12133", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.549322", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-8121", "summary": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C 
Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.", "cvss": "5.0", "published": "2015-03-27T14:59:03", "modified": "2016-12-03T03:01:43", "published-epoch": "1427468343", "modified-epoch": "1480734103", "cwe": "CWE-17", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-10T20:44:07", "cvss_created-epoch": "1465591447", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 221, "vuln_id": "CVE-2014-8121", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.495533", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-15670", "summary": "The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.", "cvss": "7.5", "published": "2017-10-20T17:29:00", "modified": "2017-10-25T01:29:00", "published-epoch": "1508520540", "modified-epoch": "1508894940", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-24T00:38:59", 
"cvss_created-epoch": "1508805539", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 203, "vuln_id": "CVE-2017-15670", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.112117", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-15671", "summary": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", "cvss": "4.3", "published": "2017-10-20T17:29:00", "modified": "2017-10-25T01:29:00", "published-epoch": "1508520540", "modified-epoch": "1508894940", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-24T00:36:30", "cvss_created-epoch": "1508805390", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 222, "vuln_id": "CVE-2017-15671", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.527040", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-15804", "summary": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 
2.27 contains a buffer overflow during unescaping of user names with the ~ operator.", "cvss": "7.5", "published": "2017-10-22T20:29:02", "modified": "2017-10-26T01:29:00", "published-epoch": "1508704142", "modified-epoch": "1508981340", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-24T00:23:54", "cvss_created-epoch": "1508804634", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 202, "vuln_id": "CVE-2017-15804", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.090037", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-9402", "summary": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.", "cvss": "7.8", "published": "2015-02-24T15:59:02", "modified": "2018-01-18T18:18:01", "published-epoch": "1424793542", "modified-epoch": "1516299481", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-10T20:44:27", "cvss_created-epoch": "1465591467", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": 
null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-9761", "summary": "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.", "cvss": "7.5", "published": "2016-04-19T21:59:00", "modified": "2018-01-05T02:29:57", "published-epoch": "1461103140", "modified-epoch": "1515119397", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-10T20:45:52", "cvss_created-epoch": "1465591552", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 208, "vuln_id": "CVE-2014-9761", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.221414", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-0475", "summary": "Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. 
(dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.", "cvss": "6.8", "published": "2014-07-29T14:55:05", "modified": "2016-11-28T19:10:39", "published-epoch": "1406645705", "modified-epoch": "1480360239", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-10T20:47:31", "cvss_created-epoch": "1465591651", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-6040", "summary": "GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.", "cvss": "5.0", "published": "2014-12-05T16:59:09", "modified": "2017-01-03T02:59:06", "published-epoch": "1417798749", "modified-epoch": "1483412346", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-10T20:42:29", "cvss_created-epoch": "1465591349", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-9984", "summary": "nscd in the 
GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.", "cvss": "7.5", "published": "2017-06-12T13:29:00", "modified": "2017-06-17T01:29:00", "published-epoch": "1497274140", "modified-epoch": "1497662940", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-06-15T15:23:33", "cvss_created-epoch": "1497540213", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 204, "vuln_id": "CVE-2014-9984", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.133508", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-1472", "summary": "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.", "cvss": "7.5", "published": "2015-04-08T10:59:02", "modified": "2018-01-18T18:18:01", "published-epoch": "1428490742", "modified-epoch": "1516299481", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", 
"cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-10T20:46:11", "cvss_created-epoch": "1465591571", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-1473", "summary": "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.", "cvss": "6.4", "published": "2015-04-08T10:59:03", "modified": "2016-11-28T19:18:14", "published-epoch": "1428490743", "modified-epoch": "1480360694", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-09-25T18:23:17", "cvss_created-epoch": "1443205397", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-1781", "summary": "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS 
response, which triggers a call with a misaligned buffer.", "cvss": "6.8", "published": "2015-09-28T20:59:00", "modified": "2016-12-06T02:59:33", "published-epoch": "1443473940", "modified-epoch": "1480993173", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-09-29T17:05:44", "cvss_created-epoch": "1443546344", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 214, "vuln_id": "CVE-2015-1781", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.344129", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8776", "summary": "The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.", "cvss": "6.4", "published": "2016-04-19T21:59:04", "modified": "2018-01-05T02:30:21", "published-epoch": "1461103144", "modified-epoch": "1515119421", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-17T18:16:07", "cvss_created-epoch": "1479406567", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss3_score": "9.1"}, "exact": true, "triage": [{"id": 215, "vuln_id": 
"CVE-2015-8776", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.364331", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8777", "summary": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", "cvss": "2.1", "published": "2016-01-20T05:59:01", "modified": "2018-01-05T02:30:21", "published-epoch": "1453269541", "modified-epoch": "1515119421", "cwe": "CWE-254", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-24T16:54:08", "cvss_created-epoch": "1466787248", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "5.5"}, "exact": true, "triage": [{"id": 227, "vuln_id": "CVE-2015-8777", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.636285", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8778", "summary": "Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.", "cvss": "7.5", "published": 
"2016-04-19T21:59:04", "modified": "2018-01-05T02:30:21", "published-epoch": "1461103144", "modified-epoch": "1515119421", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-17T18:40:20", "cvss_created-epoch": "1479408020", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 207, "vuln_id": "CVE-2015-8778", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.200834", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8779", "summary": "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.", "cvss": "7.5", "published": "2016-04-19T21:59:05", "modified": "2018-01-05T02:30:21", "published-epoch": "1461103145", "modified-epoch": "1515119421", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-15T14:58:32", "cvss_created-epoch": "1466002712", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 206, "vuln_id": "CVE-2015-8779", "component": "glibc", 
"vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.177360", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-5180", "summary": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", "cvss": "5.0", "published": "2017-06-27T20:29:00", "modified": "2017-07-03T14:22:49", "published-epoch": "1498595340", "modified-epoch": "1499091769", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-06-30T18:30:14", "cvss_created-epoch": "1498847414", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 216, "vuln_id": "CVE-2015-5180", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.391860", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-5277", "summary": "The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.", "cvss": "7.2", "published": "2015-12-17T19:59:02", "modified": "2017-07-01T01:29:19", "published-epoch": "1450382342", "modified-epoch": "1498872559", "cwe": "CWE-119", 
"cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-09T16:49:48", "cvss_created-epoch": "1465490988", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8982", "summary": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", "cvss": "6.8", "published": "2017-03-15T19:59:00", "modified": "2017-03-17T12:26:14", "published-epoch": "1489607940", "modified-epoch": "1489753574", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-16T18:39:49", "cvss_created-epoch": "1489689589", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.1"}, "exact": true, "triage": [{"id": 212, "vuln_id": "CVE-2015-8982", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.304579", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8983", "summary": "Integer overflow in the 
_IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", "cvss": "6.8", "published": "2017-03-20T16:59:01", "modified": "2017-03-22T19:12:17", "published-epoch": "1490029141", "modified-epoch": "1490209937", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-22T18:03:36", "cvss_created-epoch": "1490205816", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.1"}, "exact": true, "triage": [{"id": 211, "vuln_id": "CVE-2015-8983", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.283183", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8984", "summary": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", "cvss": "4.3", "published": "2017-03-20T16:59:01", "modified": "2017-03-22T19:12:49", "published-epoch": "1490029141", "modified-epoch": "1490209969", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-22T18:02:59", "cvss_created-epoch": "1490205779", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 225, "vuln_id": "CVE-2015-8984", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.593967", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-6485", "summary": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", "cvss": "7.5", "published": "2018-02-01T14:29:00", "modified": "2018-02-22T14:54:00", "published-epoch": "1517495340", "modified-epoch": "1519311240", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-01T14:29:00", "cvss_created-epoch": "1517495340", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 201, "vuln_id": "CVE-2018-6485", "component": "glibc", "vendor": null, "codetype": "NA", "version": "2.19-0ubuntu6.6", "modified": "2018-03-22T23:17:38.068788", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2002-0684", 
"summary": "Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.", "cvss": "7.5", "published": "2002-08-12T04:00:00", "modified": "2016-10-18T02:21:25", "published-epoch": "1029124800", "modified-epoch": "1476757285", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-3192", "summary": "Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations.", "cvss": "5.0", "published": "2010-10-14T05:58:06", "modified": "2010-10-14T04:00:00", "published-epoch": "1287035886", "modified-epoch": "1287028800", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-10-14T23:40:00", "cvss_created-epoch": "1287099600", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-2207", "summary": "pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.", "cvss": "2.6", "published": "2013-10-09T22:55:02", "modified": "2017-07-01T01:29:04", "published-epoch": "1381359302", "modified-epoch": "1498872544", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-10-29T13:11:17", "cvss_created-epoch": "1446124277", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-5064", "summary": "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states \"This is just nonsense. 
There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\"", "cvss": "6.9", "published": "2011-03-30T22:55:01", "modified": "2012-01-19T03:44:52", "published-epoch": "1301525701", "modified-epoch": "1326944692", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-31T12:48:00", "cvss_created-epoch": "1301575680", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-3847", "summary": "elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.", "cvss": "6.9", "published": "2011-01-07T19:00:00", "modified": "2018-02-15T02:29:00", "published-epoch": "1294426800", "modified-epoch": "1518661740", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-07T19:00:00", "cvss_created-epoch": "1294426800", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0.0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-7817", "summary": "The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing 
\"$((`...`))\".", "cvss": "4.6", "published": "2014-11-24T15:59:01", "modified": "2018-01-18T18:18:01", "published-epoch": "1416844741", "modified-epoch": "1516299481", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-10T20:41:54", "cvss_created-epoch": "1465591314", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4756", "summary": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": "4.0", "published": "2011-03-02T20:00:01", "modified": "2011-03-04T05:00:00", "published-epoch": "1299096001", "modified-epoch": "1299214800", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-03T14:09:00", "cvss_created-epoch": "1299161340", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-3508", "summary": "** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. 
NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.", "cvss": "7.2", "published": "2007-07-03T21:30:00", "modified": "2017-07-29T01:32:20", "published-epoch": "1183498200", "modified-epoch": "1501291940", "cwe": "CWE-189", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-07-04T22:03:00", "cvss_created-epoch": "1183586580", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4458", "summary": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.", "cvss": "5.0", "published": "2013-12-12T18:55:10", "modified": "2017-07-01T01:29:04", "published-epoch": "1386874510", "modified-epoch": "1498872544", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T15:19:09", "cvss_created-epoch": "1467127149", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-8804", "summary": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", "cvss": "7.8", "published": "2017-05-07T18:29:00", "modified": "2017-05-16T01:34:36", "published-epoch": "1494181740", "modified-epoch": "1494898476", "cwe": "CWE-502", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-12T17:48:41", "cvss_created-epoch": "1494611321", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2018-6551", "summary": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a 
heap region that is smaller than requested, eventually leading to heap corruption.", "cvss": "7.5", "published": "2018-02-02T14:29:00", "modified": "2018-02-22T17:47:00", "published-epoch": "1517581740", "modified-epoch": "1519321620", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-02T14:29:00", "cvss_created-epoch": "1517581740", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0015", "summary": "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.", "cvss": "7.5", "published": "2010-01-14T18:30:00", "modified": "2016-12-07T02:59:49", "published-epoch": "1263493800", "modified-epoch": "1481079589", "cwe": "CWE-255", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-01-15T14:55:00", "cvss_created-epoch": "1263567300", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-1146", "summary": "The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary 
(\"read buffer overflow\"), allowing remote attackers to cause a denial of service (crash).", "cvss": "5.0", "published": "2002-10-11T04:00:00", "modified": "2008-09-10T19:13:57", "published-epoch": "1034308800", "modified-epoch": "1221074037", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-7424", "summary": "The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.", "cvss": "5.1", "published": "2015-08-26T19:59:00", "modified": "2016-11-28T19:10:13", "published-epoch": "1440619140", "modified-epoch": "1480360213", "cwe": "CWE-17", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-27T12:20:27", "cvss_created-epoch": "1440678027", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-17426", "summary": "The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. 
This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.", "cvss": "6.8", "published": "2017-12-05T17:29:00", "modified": "2017-12-15T15:06:36", "published-epoch": "1512494940", "modified-epoch": "1513350396", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-13T16:03:20", "cvss_created-epoch": "1513181000", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.1"}, "exact": false}, {"vuln": {"cve": "CVE-2012-3480", "summary": "Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified \"related functions\" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", "cvss": "4.6", "published": "2012-08-25T10:29:51", "modified": "2017-07-01T01:29:01", "published-epoch": "1345890591", "modified-epoch": "1498872541", "cwe": "CWE-189", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-08-27T14:51:00", "cvss_created-epoch": "1346079060", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0028", "summary": "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and 
dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.", "cvss": "7.5", "published": "2003-03-25T05:00:00", "modified": "2016-10-18T02:28:33", "published-epoch": "1048568400", "modified-epoch": "1476757713", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-0235", "summary": "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"", "cvss": "10.0", "published": "2015-01-28T19:59:00", "modified": "2017-11-10T02:29:01", "published-epoch": "1422475140", "modified-epoch": "1510280941", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-01T20:17:53", "cvss_created-epoch": "1464812273", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-4880", "summary": "Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a 
crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.", "cvss": "5.0", "published": "2010-06-01T20:30:02", "modified": "2017-08-17T01:31:47", "published-epoch": "1275424202", "modified-epoch": "1502933507", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-06-02T12:37:00", "cvss_created-epoch": "1275482220", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2702", "summary": "Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.", "cvss": "6.8", "published": "2014-10-27T20:55:22", "modified": "2014-10-31T00:43:02", "published-epoch": "1414443322", "modified-epoch": "1414716182", "cwe": "CWE-94", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-10-29T18:18:43", "cvss_created-epoch": "1414606723", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4051", "summary": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application 
crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", "cvss": "5.0", "published": "2011-01-13T19:00:02", "modified": "2011-02-02T06:59:06", "published-epoch": "1294945202", "modified-epoch": "1296629946", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-13T20:44:00", "cvss_created-epoch": "1294951440", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0296", "summary": "The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.", "cvss": "7.2", "published": "2010-06-01T20:30:02", "modified": "2017-08-17T01:31:57", "published-epoch": "1275424202", "modified-epoch": "1502933517", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-06-02T13:12:00", "cvss_created-epoch": "1275484320", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-4412", "summary": "Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and 
earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.", "cvss": "7.5", "published": "2013-10-09T22:55:02", "modified": "2017-07-01T01:29:02", "published-epoch": "1381359302", "modified-epoch": "1498872542", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-10T11:40:59", "cvss_created-epoch": "1381405259", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-3856", "summary": "ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.", "cvss": "7.2", "published": "2011-01-07T19:00:00", "modified": "2018-02-15T02:29:00", "published-epoch": "1294426800", "modified-epoch": "1518661740", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-07T19:00:00", "cvss_created-epoch": "1294426800", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0.0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4332", "summary": "Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a 
denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.", "cvss": "4.3", "published": "2013-10-09T22:55:02", "modified": "2017-07-01T01:29:04", "published-epoch": "1381359302", "modified-epoch": "1498872544", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-10T01:00:46", "cvss_created-epoch": "1381366846", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4237", "summary": "sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.", "cvss": "6.8", "published": "2013-10-09T22:55:02", "modified": "2017-07-01T01:29:04", "published-epoch": "1381359302", "modified-epoch": "1498872544", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-10T12:17:54", "cvss_created-epoch": "1381407474", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-8985", "summary": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", "cvss": "4.3", "published": 
"2017-03-20T16:59:01", "modified": "2017-03-23T10:46:41", "published-epoch": "1490029141", "modified-epoch": "1490266001", "cwe": "CWE-19", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-22T22:27:22", "cvss_created-epoch": "1490221642", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1658", "summary": "ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. 
NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.", "cvss": "3.7", "published": "2011-04-08T15:17:28", "modified": "2017-08-17T01:34:17", "published-epoch": "1302275848", "modified-epoch": "1502933657", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-04-08T18:16:00", "cvss_created-epoch": "1302286560", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0959", "summary": "glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.", "cvss": "1.2", "published": "2000-12-19T05:00:00", "modified": "2017-10-10T01:29:24", "published-epoch": "977202000", "modified-epoch": "1507598964", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:H/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1089", "summary": "The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.", "cvss": "3.3", 
"published": "2011-04-10T02:55:01", "modified": "2016-12-07T18:15:43", "published-epoch": "1302404101", "modified-epoch": "1481134543", "cwe": "CWE-16", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-07T17:54:11", "cvss_created-epoch": "1481133251", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0824", "summary": "The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.", "cvss": "7.2", "published": "2000-11-14T05:00:00", "modified": "2017-10-10T01:29:19", "published-epoch": "974178000", "modified-epoch": "1507598959", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-4881", "summary": "Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.", "cvss": "5.0", "published": "2010-06-01T20:30:02", 
"modified": "2017-08-17T01:31:47", "published-epoch": "1275424202", "modified-epoch": "1502933507", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-06-02T13:10:00", "cvss_created-epoch": "1275484200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-1382", "summary": "The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.", "cvss": "2.1", "published": "2004-12-31T05:00:00", "modified": "2016-10-18T02:53:47", "published-epoch": "1104469200", "modified-epoch": "1476759227", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-24T16:27:00", "cvss_created-epoch": "1119630420", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-4424", "summary": "Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.", "cvss": "5.1", "published": "2013-10-09T22:55:02", "modified": "2017-07-01T01:29:02", "published-epoch": "1381359302", "modified-epoch": "1498872542", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-10T18:12:53", "cvss_created-epoch": "1381428773", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0335", "summary": "The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.", "cvss": "7.5", "published": "2000-05-03T04:00:00", "modified": "2008-09-10T19:04:10", "published-epoch": "957326400", "modified-epoch": "1221073450", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-5320", "summary": "scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.", "cvss": "2.1", "published": "2017-10-18T14:29:00", "modified": "2017-11-08T17:05:29", "published-epoch": "1508336940", "modified-epoch": "1510160729", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-06T19:21:21", "cvss_created-epoch": "1509996081", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "6.2"}, "exact": false}, {"vuln": {"cve": "CVE-2012-3404", "summary": "The vfprintf function in 
stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.", "cvss": "5.0", "published": "2014-02-10T18:15:10", "modified": "2017-07-01T01:29:01", "published-epoch": "1392056110", "modified-epoch": "1498872541", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-02-10T21:12:43", "cvss_created-epoch": "1392066763", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-0242", "summary": "Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.", "cvss": "5.0", "published": "2013-02-08T20:55:01", "modified": "2017-08-29T01:33:00", "published-epoch": "1360356901", "modified-epoch": "1503970380", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-02-11T17:56:00", "cvss_created-epoch": "1360605360", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1659", "summary": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or 
libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.", "cvss": "5.0", "published": "2011-04-08T15:17:28", "modified": "2017-08-17T01:34:17", "published-epoch": "1302275848", "modified-epoch": "1502933657", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-04-08T18:26:00", "cvss_created-epoch": "1302287160", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0968", "summary": "The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.", "cvss": "2.1", "published": "2005-02-09T05:00:00", "modified": "2017-10-11T01:29:39", "published-epoch": "1107925200", "modified-epoch": "1507685379", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0830", "summary": "Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the 
ELF header.", "cvss": "5.1", "published": "2010-06-01T20:30:02", "modified": "2017-08-17T01:32:08", "published-epoch": "1275424202", "modified-epoch": "1502933528", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-06-02T13:16:00", "cvss_created-epoch": "1275484560", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-1453", "summary": "GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.", "cvss": "2.1", "published": "2004-12-31T05:00:00", "modified": "2017-10-11T01:29:45", "published-epoch": "1104469200", "modified-epoch": "1507685385", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-28T01:44:00", "cvss_created-epoch": "1119923040", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-3406", "summary": "The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not \"properly restrict the use of\" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional 
parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.", "cvss": "6.8", "published": "2014-02-10T18:15:10", "modified": "2017-07-01T01:29:01", "published-epoch": "1392056110", "modified-epoch": "1498872541", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-02-10T21:18:16", "cvss_created-epoch": "1392067096", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-1000408", "summary": "A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.", "cvss": "7.2", "published": "2018-02-01T04:29:00", "modified": "2018-02-15T13:17:00", "published-epoch": "1517459340", "modified-epoch": "1518700620", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-01T04:29:00", "cvss_created-epoch": "1517459340", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": false}, {"vuln": {"cve": "CVE-2009-5029", "summary": "Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.", "cvss": "6.8", "published": "2013-05-02T14:55:01", 
"modified": "2013-05-03T12:39:28", "published-epoch": "1367506501", "modified-epoch": "1367584768", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-05-03T12:34:00", "cvss_created-epoch": "1367584440", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0859", "summary": "The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.", "cvss": "4.9", "published": "2003-12-15T05:00:00", "modified": "2017-10-11T01:29:15", "published-epoch": "1071464400", "modified-epoch": "1507685355", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-3405", "summary": "The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers \"desynchronization within the buffer size handling,\" a different vulnerability than CVE-2012-3404.", "cvss": "5.0", "published": "2014-02-10T18:15:10", "modified": 
"2017-07-01T01:29:01", "published-epoch": "1392056110", "modified-epoch": "1498872541", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-02-10T21:15:54", "cvss_created-epoch": "1392066954", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4052", "summary": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", "cvss": "5.0", "published": "2011-01-13T19:00:02", "modified": "2011-07-19T04:00:00", "published-epoch": "1294945202", "modified-epoch": "1311048000", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-14T14:45:00", "cvss_created-epoch": "1295016300", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-1265", "summary": "The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).", "cvss": "5.0", "published": "2002-11-12T05:00:00", "modified": "2017-10-10T01:30:10", "published-epoch": "1037077200", "modified-epoch": "1507599010", "cwe": null, 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-1234", "summary": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", "cvss": "5.0", "published": "2016-06-01T20:59:00", "modified": "2017-07-01T01:29:32", "published-epoch": "1464814740", "modified-epoch": "1498872572", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-14T13:40:52", "cvss_created-epoch": "1465911652", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1071", "summary": "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a \"stack extension attack,\" a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.", "cvss": "5.1", "published": "2011-04-08T15:17:27", "modified": "2017-09-19T01:32:17", "published-epoch": "1302275847", "modified-epoch": "1505784737", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-04-08T17:03:00", "cvss_created-epoch": "1302282180", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0864", "summary": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.", "cvss": "6.8", "published": "2013-05-02T14:55:05", "modified": "2013-05-03T04:00:00", "published-epoch": "1367506505", "modified-epoch": "1367553600", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-05-03T13:44:00", "cvss_created-epoch": "1367588640", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4609", "summary": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.", "cvss": "5.0", "published": "2013-05-02T14:55:01", "modified": "2013-05-03T04:00:00", "published-epoch": "1367506501", "modified-epoch": "1367553600", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2013-05-03T13:42:00", "cvss_created-epoch": "1367588520", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-5119", "summary": "Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.", "cvss": "7.5", "published": "2014-08-29T16:55:11", "modified": "2017-01-07T03:00:25", "published-epoch": "1409331311", "modified-epoch": "1483758025", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-09-02T17:20:34", "cvss_created-epoch": "1409678434", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-6656", "summary": "iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of \"0xffff\" to the iconv function when converting IBM930 encoded data to UTF-8.", "cvss": "5.0", "published": "2014-12-05T16:59:00", "modified": "2017-07-01T01:29:03", "published-epoch": "1417798740", "modified-epoch": "1498872543", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-26T18:57:33", "cvss_created-epoch": "1472237853", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, 
"exact": false}, {"vuln": {"cve": "CVE-2013-1914", "summary": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.", "cvss": "5.0", "published": "2013-04-29T22:55:01", "modified": "2017-07-01T01:29:04", "published-epoch": "1367276101", "modified-epoch": "1498872544", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-04-30T13:34:00", "cvss_created-epoch": "1367328840", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4788", "summary": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.", "cvss": "5.1", "published": "2013-10-04T17:55:09", "modified": "2017-07-01T01:29:04", "published-epoch": "1380909309", "modified-epoch": "1498872544", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-07T14:35:11", "cvss_created-epoch": "1381156511", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, 
"exact": false}, {"vuln": {"cve": "CVE-2017-1000409", "summary": "A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.", "cvss": "6.9", "published": "2018-02-01T04:29:00", "modified": "2018-02-15T13:19:00", "published-epoch": "1517459340", "modified-epoch": "1518700740", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-01T04:29:00", "cvss_created-epoch": "1517459340", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0536", "summary": "Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. 
NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.", "cvss": "6.9", "published": "2011-04-08T15:17:26", "modified": "2017-09-19T01:32:03", "published-epoch": "1302275846", "modified-epoch": "1505784723", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-04-08T16:15:00", "cvss_created-epoch": "1302279300", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1095", "summary": "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.", "cvss": "6.2", "published": "2011-04-10T02:55:01", "modified": "2017-09-19T01:32:17", "published-epoch": "1302404101", "modified-epoch": "1505784737", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-04-11T16:20:00", "cvss_created-epoch": "1302538800", "cvss2_vector": "AV:L/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-0041", "summary": "Buffer overflow in NLS (Natural Language Service).", "cvss": "7.5", "published": "1997-02-13T05:00:00", "modified": "2008-09-09T12:33:36", "published-epoch": "855810000", "modified-epoch": "1220963616", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["framework"], "homepage": "https://www.gnu.org/software/libc/", "short_version": "2.19-0ubuntu6.6", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "GNU C Library - glibc", "language": "C/C++", "id": 4826, "homepage_url": "http://www.gnu.org/software/libc/", "details": {"loc": 741735, "defect_density": {"comparison": 0.7, "over_time": [{"2017-05-04": 0.54}], "score": 0.54, "verdict": "low", "loc_range": "500,000 to 1 million"}, "build_date": "2017-05-04", "project_url": "https://scan.coverity.com/projects/gnu-c-library-glibc", "version": "2.25", "cwe": [{"name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "defect_count": 7, "id": 120, "rank": 3, "uri": "http://cwe.mitre.org/top25/#CWE-120"}, {"name": "Integer Overflow or Wraparound", "defect_count": 1, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}, {"name": "Use of a Broken or Risky Cryptographic Algorithm", "defect_count": 8, "id": 327, "rank": 19, "uri": "http://cwe.mitre.org/top25/#CWE-327"}, {"name": "Use of Potentially Dangerous Function", "defect_count": 1, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": "git://sourceware.org/git/glibc.git", "slug": "gnu-c-library-glibc", "mapped-name": "glibc"}}, {"extended-objects": [{"confidence": 0.8903667875856509, "sha1": "379984150b5401afe62bdf980f687a46347230ec", "name": "gpg", "timestamp": 1427460345, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", 
"usr/bin/gpg"], "type": "native"}, {"confidence": 0.25191455058444173, "sha1": "4daffa335842cb252b835e7d3c872665940dfcdc", "name": "gpgv", "timestamp": 1427460345, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/gpgv"], "type": "native"}], "objects": ["gpg", "gpgv"], "version": "1.4.16-1ubuntu2.3", "lib": "gnupg", "distro_version": "1.4.16-1ubuntu2.3", "distro": "ubuntu", "cpe": ["cpe:/a:gnupg:gnupg:1.4.16-1ubuntu2.3"], "latest_version": "2.0.30", "vuln-count": {"total": 13, "exact": 0, "historical": 13}, "vulns": [{"vuln": {"cve": "CVE-2014-4617", "summary": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.", "cvss": "5.0", "published": "2014-06-25T11:19:22", "modified": "2017-12-28T02:29:02", "published-epoch": "1403695162", "modified-epoch": "1514428142", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-07T15:57:04", "cvss_created-epoch": "1473263824", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2013-4402", "summary": "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.", "cvss": "5.0", 
"published": "2013-10-28T22:55:03", "modified": "2014-01-04T04:48:47", "published-epoch": "1383000903", "modified-epoch": "1388810927", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-29T17:12:09", "cvss_created-epoch": "1383066729", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-3746", "summary": "Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.", "cvss": "5.0", "published": "2006-07-28T21:04:00", "modified": "2017-10-11T01:31:06", "published-epoch": "1154120640", "modified-epoch": "1507685466", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-07-31T20:49:00", "cvss_created-epoch": "1154378940", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4576", "summary": "GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. 
However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.", "cvss": "2.1", "published": "2013-12-20T21:55:06", "modified": "2017-08-29T01:33:38", "published-epoch": "1387576506", "modified-epoch": "1503970418", "cwe": "CWE-255", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-12-23T13:32:05", "cvss_created-epoch": "1387805525", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-6085", "summary": "The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.", "cvss": "5.8", "published": "2013-01-24T01:55:03", "modified": "2017-08-29T01:32:54", "published-epoch": "1358992503", "modified-epoch": "1503970374", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-01-24T15:56:00", "cvss_created-epoch": "1359042960", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-6169", "summary": "Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with \"C-escape\" expansions, 
which cause the make_printable_string function to return a longer string than expected while constructing a prompt.", "cvss": "6.8", "published": "2006-11-29T18:28:00", "modified": "2017-10-11T01:31:25", "published-epoch": "1164824880", "modified-epoch": "1507685485", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-11-29T23:31:00", "cvss_created-epoch": "1164843060", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-1263", "summary": "GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.", "cvss": "5.0", "published": "2007-03-06T20:19:00", "modified": "2017-10-11T01:31:48", "published-epoch": "1173212340", "modified-epoch": "1507685508", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-03-07T20:41:00", "cvss_created-epoch": "1173300060", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4242", "summary": "GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.", "cvss": "1.9", "published": "2013-08-19T23:55:09", "modified": "2016-12-08T03:03:31", 
"published-epoch": "1376956509", "modified-epoch": "1481166211", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-23T14:23:39", "cvss_created-epoch": "1382538219", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-6313", "summary": "The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.", "cvss": "5.0", "published": "2016-12-13T20:59:04", "modified": "2018-01-05T02:31:06", "published-epoch": "1481662744", "modified-epoch": "1515119466", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-16T19:41:21", "cvss_created-epoch": "1481917281", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3_score": "5.3"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1530", "summary": "GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers \"memory corruption around deduplication of user IDs.\"", "cvss": "9.3", "published": "2008-03-27T23:44:00", "modified": "2017-08-08T01:30:13", "published-epoch": "1206661440", "modified-epoch": "1502155813", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-03-28T22:07:00", "cvss_created-epoch": "1206742020", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-3082", "summary": "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.", "cvss": "5.0", "published": "2006-06-19T18:02:00", "modified": "2017-10-11T01:30:59", "published-epoch": "1150740120", "modified-epoch": "1507685459", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-06-19T18:13:00", "cvss_created-epoch": "1150740780", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4351", "summary": "GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.", "cvss": "5.8", "published": "2013-10-10T00:55:15", "modified": "2014-01-04T04:48:39", "published-epoch": "1381366515", "modified-epoch": "1388810919", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", 
"cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-10T15:21:43", "cvss_created-epoch": "1381418503", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-2547", "summary": "Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.", "cvss": "5.1", "published": "2010-08-05T18:17:57", "modified": "2010-12-10T06:43:17", "published-epoch": "1281032277", "modified-epoch": "1291963397", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-08-06T13:26:00", "cvss_created-epoch": "1281101160", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["crypto"], "homepage": "https://www.gnupg.org/", "upstream-source": "https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.0.30.tar.bz2", "latest-version": "2.0.30", "short_version": "1.4.16-1ubuntu2.3", "latest_cmp": false, "url": "https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.0.30.tar.bz2", "codetype": "Native", "coverity_scan": {"name": "GnuPG", "language": "C/C++", "id": 3723, "homepage_url": "", "details": {"loc": 197181, "defect_density": {"comparison": 0.5, "over_time": [null], "score": 1.25, "verdict": "high", "loc_range": "100,000 to 499,999"}, "build_date": "2015-02-06", "project_url": "https://scan.coverity.com/projects/gnupg", "version": "Version", "cwe": []}, "repo_url": 
"ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.26.tar.bz2", "slug": "gnupg", "mapped-name": "gnupg"}}, {"extended-objects": [{"confidence": 0.785172704296546, "sha1": "d433d624a93ff6f6530408115d1af9eb9251f0ac", "name": "libgnutls.so.26.22.6", "timestamp": 1426859649, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.6"], "type": "native"}], "objects": ["libgnutls.so.26.22.6"], "version": "2.12.23-12ubuntu2.2", "lib": "gnutls", "distro_version": "2.12.23-12ubuntu2.2", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:gnutls:2.12.23-12ubuntu2.2"], "latest_version": "3.5.18", "vuln-count": {"total": 46, "exact": 0, "historical": 46}, "vulns": [{"vuln": {"cve": "CVE-2013-2116", "summary": "The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. 
NOTE: this might be due to an incorrect fix for CVE-2013-0169.", "cvss": "5.0", "published": "2013-07-03T18:55:01", "modified": "2014-03-26T04:47:38", "published-epoch": "1372877701", "modified-epoch": "1395809258", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-07-04T19:01:00", "cvss_created-epoch": "1372964460", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-1959", "summary": "lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.", "cvss": "5.8", "published": "2014-03-07T00:10:57", "modified": "2016-11-28T19:10:56", "published-epoch": "1394151057", "modified-epoch": "1480360256", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-03-07T12:12:21", "cvss_created-epoch": "1394194341", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3468", "summary": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted 
ASN.1 data.", "cvss": "6.8", "published": "2014-06-05T20:55:06", "modified": "2017-12-29T02:29:22", "published-epoch": "1402001706", "modified-epoch": "1514514562", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-06-06T16:43:58", "cvss_created-epoch": "1402073038", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1948", "summary": "The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.", "cvss": "10.0", "published": "2008-05-21T13:24:00", "modified": "2017-09-29T01:30:57", "published-epoch": "1211376240", "modified-epoch": "1506648657", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-05-21T14:37:00", "cvss_created-epoch": "1211380620", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1569", "summary": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain 
large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.", "cvss": "5.0", "published": "2012-03-26T19:55:01", "modified": "2018-01-18T02:29:13", "published-epoch": "1332791701", "modified-epoch": "1516242553", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-03-27T16:28:00", "cvss_created-epoch": "1332865680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-5336", "summary": "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.", "cvss": "7.5", "published": "2017-03-24T15:59:00", "modified": "2018-01-05T02:31:46", "published-epoch": "1490371140", "modified-epoch": "1515119506", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-27T16:57:24", "cvss_created-epoch": "1490633844", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2009-5138", "summary": "GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a 
trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.", "cvss": "5.8", "published": "2014-03-07T00:10:53", "modified": "2014-04-01T05:44:14", "published-epoch": "1394151053", "modified-epoch": "1396331054", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-03-07T12:00:54", "cvss_created-epoch": "1394193654", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3467", "summary": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.", "cvss": "4.3", "published": "2014-06-05T20:55:06", "modified": "2017-12-29T02:29:21", "published-epoch": "1402001706", "modified-epoch": "1514514561", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-06-06T16:39:27", "cvss_created-epoch": "1402072767", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-0282", "summary": "GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.", "cvss": "5.0", "published": "2015-03-24T17:59:04", "modified": "2018-01-05T02:29:59", "published-epoch": "1427219944", "modified-epoch": "1515119399", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T17:55:43", "cvss_created-epoch": "1467136543", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1619", "summary": "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.", "cvss": "4.0", "published": "2013-02-08T19:55:01", "modified": "2014-03-26T04:46:17", "published-epoch": "1360353301", "modified-epoch": "1395809177", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-02-11T15:39:00", "cvss_created-epoch": "1360597140", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0390", "summary": "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.", "cvss": "4.3", "published": "2012-01-06T01:55:01", "modified": "2014-03-26T04:28:02", "published-epoch": "1325814901", "modified-epoch": "1395808082", "cwe": 
"CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-06T14:21:00", "cvss_created-epoch": "1325859660", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-4790", "summary": "verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.", "cvss": "5.0", "published": "2006-09-14T19:07:00", "modified": "2017-10-11T01:31:16", "published-epoch": "1158260820", "modified-epoch": "1507685476", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-18T17:36:00", "cvss_created-epoch": "1158600960", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-0092", "summary": "lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.", "cvss": "5.8", "published": "2014-03-07T00:10:53", "modified": "2016-11-28T19:10:24", "published-epoch": "1394151053", "modified-epoch": "1480360224", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-03-07T12:10:31", "cvss_created-epoch": "1394194231", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1416", "summary": "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.", "cvss": "7.5", "published": "2009-04-30T20:30:00", "modified": "2009-06-10T05:29:31", "published-epoch": "1241123400", "modified-epoch": "1244611771", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-05-01T15:30:00", "cvss_created-epoch": "1241191800", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-2409", "summary": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. 
NOTE: the scope of this issue is currently limited because the amount of computation required is still large.", "cvss": "5.1", "published": "2009-07-30T19:30:00", "modified": "2017-09-19T01:29:06", "published-epoch": "1248982200", "modified-epoch": "1505784546", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-07-31T12:59:00", "cvss_created-epoch": "1249045140", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1950", "summary": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.", "cvss": "5.0", "published": "2008-05-21T13:24:00", "modified": "2017-09-29T01:30:57", "published-epoch": "1211376240", "modified-epoch": "1506648657", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-05-21T14:52:00", "cvss_created-epoch": "1211381520", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3465", "summary": "The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL 
pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.", "cvss": "5.0", "published": "2014-06-10T14:55:10", "modified": "2017-12-29T02:29:21", "published-epoch": "1402412110", "modified-epoch": "1514514561", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-06-11T13:15:00", "cvss_created-epoch": "1402492500", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0731", "summary": "The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.", "cvss": "7.5", "published": "2010-03-26T18:30:00", "modified": "2017-09-19T01:30:28", "published-epoch": "1269628200", "modified-epoch": "1505784628", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-29T13:18:00", "cvss_created-epoch": "1269868680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-8564", "summary": "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a 
denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.", "cvss": "5.0", "published": "2014-11-13T21:32:13", "modified": "2016-09-08T13:08:03", "published-epoch": "1415914333", "modified-epoch": "1473340083", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-07T15:00:00", "cvss_created-epoch": "1473260400", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-7444", "summary": "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.", "cvss": "5.0", "published": "2016-09-27T15:59:12", "modified": "2018-01-05T02:31:15", "published-epoch": "1474991952", "modified-epoch": "1515119475", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-27T19:05:26", "cvss_created-epoch": "1475003126", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1573", "summary": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial 
of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.", "cvss": "5.0", "published": "2012-03-26T19:55:01", "modified": "2018-01-18T02:29:13", "published-epoch": "1332791701", "modified-epoch": "1516242553", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-03-27T17:42:00", "cvss_created-epoch": "1332870120", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-5337", "summary": "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.", "cvss": "7.5", "published": "2017-03-24T15:59:00", "modified": "2018-01-05T02:31:46", "published-epoch": "1490371140", "modified-epoch": "1515119506", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-27T17:02:33", "cvss_created-epoch": "1490634153", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4466", "summary": "Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.", "cvss": "5.0", "published": "2013-11-20T14:12:30", "modified": 
"2013-11-21T17:06:28", "published-epoch": "1384956750", "modified-epoch": "1385053588", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-11-20T15:50:53", "cvss_created-epoch": "1384962653", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-3555", "summary": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "cvss": "5.8", "published": "2009-11-09T17:30:00", "modified": "2017-09-19T01:29:40", "published-epoch": "1257787800", "modified-epoch": "1505784580", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-11-10T13:40:00", "cvss_created-epoch": "1257860400", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-5334", "summary": "Double free 
vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.", "cvss": "7.5", "published": "2017-03-24T15:59:00", "modified": "2018-01-05T02:31:46", "published-epoch": "1490371140", "modified-epoch": "1515119506", "cwe": "CWE-415", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-27T16:40:07", "cvss_created-epoch": "1490632807", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2016-4456", "summary": "The \"GNUTLS_KEYLOGFILE\" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.", "cvss": "5.0", "published": "2017-08-08T21:29:00", "modified": "2017-08-25T11:50:19", "published-epoch": "1502227740", "modified-epoch": "1503661819", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-23T15:18:32", "cvss_created-epoch": "1503501512", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2004-2531", "summary": "X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and 
signed with large RSA keys.", "cvss": "7.8", "published": "2004-12-31T05:00:00", "modified": "2017-07-11T01:31:59", "published-epoch": "1104469200", "modified-epoch": "1499736719", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-12-08T03:54:00", "cvss_created-epoch": "1134014040", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1415", "summary": "lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.", "cvss": "4.3", "published": "2009-04-30T20:30:00", "modified": "2017-08-17T01:30:20", "published-epoch": "1241123400", "modified-epoch": "1502933420", "cwe": "CWE-255", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-05-01T14:32:00", "cvss_created-epoch": "1241188320", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4487", "summary": "Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. 
NOTE: this issue is due to an incomplete fix for CVE-2013-4466.", "cvss": "5.0", "published": "2013-11-20T14:12:30", "modified": "2013-11-20T15:52:11", "published-epoch": "1384956750", "modified-epoch": "1384962731", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-11-20T15:52:11", "cvss_created-epoch": "1384962731", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-6251", "summary": "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.", "cvss": "5.0", "published": "2015-08-24T14:59:10", "modified": "2016-12-24T02:59:32", "published-epoch": "1440428350", "modified-epoch": "1482548372", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-25T18:21:35", "cvss_created-epoch": "1440526895", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-7869", "summary": "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. 
This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.", "cvss": "5.0", "published": "2017-04-14T04:59:00", "modified": "2018-01-05T02:31:53", "published-epoch": "1492145940", "modified-epoch": "1515119513", "cwe": "CWE-787", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-04-23T11:41:14", "cvss_created-epoch": "1492947674", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3466", "summary": "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.", "cvss": "6.8", "published": "2014-06-03T14:55:10", "modified": "2017-12-29T02:29:21", "published-epoch": "1401807310", "modified-epoch": "1514514561", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-11T13:59:11", "cvss_created-epoch": "1439301551", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-2377", "summary": "Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data 
that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.", "cvss": "7.6", "published": "2008-08-08T19:41:00", "modified": "2017-08-08T01:30:59", "published-epoch": "1218224460", "modified-epoch": "1502155859", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-08-11T14:22:00", "cvss_created-epoch": "1218464520", "cvss2_vector": "AV:N/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-8155", "summary": "GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.", "cvss": "4.3", "published": "2015-08-14T18:59:01", "modified": "2016-11-28T19:13:16", "published-epoch": "1439578741", "modified-epoch": "1480360396", "cwe": "CWE-17", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-17T12:42:47", "cvss_created-epoch": "1439815367", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1431", "summary": "The \"record packet parsing\" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.", "cvss": "5.0", "published": "2005-05-03T04:00:00", "modified": "2017-10-11T01:30:07", "published-epoch": 
"1115092800", "modified-epoch": "1507685407", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-05-13T15:08:00", "cvss_created-epoch": "1115996880", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-5335", "summary": "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.", "cvss": "5.0", "published": "2017-03-24T15:59:00", "modified": "2018-01-05T02:31:46", "published-epoch": "1490371140", "modified-epoch": "1515119506", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-27T17:00:09", "cvss_created-epoch": "1490634009", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2008-4989", "summary": "The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).", "cvss": "4.3", "published": "2008-11-13T01:00:01", "modified": "2017-09-29T01:32:24", "published-epoch": "1226538001", "modified-epoch": "1506648744", "cwe": "CWE-255", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-11-13T17:10:00", "cvss_created-epoch": "1226596200", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3469", "summary": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.", "cvss": "4.3", "published": "2014-06-05T20:55:06", "modified": "2017-12-29T02:29:22", "published-epoch": "1402001706", "modified-epoch": "1514514562", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-06-06T17:00:55", "cvss_created-epoch": "1402074055", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-2730", "summary": "libgnutls in GnuTLS before 2.8.2 does not properly handle a '\\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", "cvss": "7.5", "published": "2009-08-12T10:30:01", "modified": "2017-09-19T01:29:17", "published-epoch": "1250073001", "modified-epoch": "1505784557", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", 
"cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-08-12T16:19:00", "cvss_created-epoch": "1250093940", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4128", "summary": "Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.", "cvss": "4.3", "published": "2011-12-08T20:55:00", "modified": "2017-12-29T02:29:04", "published-epoch": "1323377700", "modified-epoch": "1514514544", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-12-09T19:22:00", "cvss_created-epoch": "1323458520", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1663", "summary": "Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.", "cvss": "7.5", "published": "2012-03-13T22:55:03", "modified": "2017-08-29T01:31:21", "published-epoch": "1331679303", "modified-epoch": "1503970281", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-03-14T15:29:00", "cvss_created-epoch": "1331738940", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1417", "summary": "gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.", "cvss": "5.0", "published": "2009-04-30T20:30:00", "modified": "2017-08-17T01:30:20", "published-epoch": "1241123400", "modified-epoch": "1502933420", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-05-01T16:16:00", "cvss_created-epoch": "1241194560", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-3308", "summary": "Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.", "cvss": "7.5", "published": "2015-09-02T14:59:01", "modified": "2016-12-22T02:59:49", "published-epoch": "1441205941", "modified-epoch": "1482375589", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-09-02T16:00:11", "cvss_created-epoch": "1441209611", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": 
{"cve": "CVE-2006-7239", "summary": "The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.", "cvss": "5.0", "published": "2010-05-24T19:30:01", "modified": "2010-05-25T04:00:00", "published-epoch": "1274729401", "modified-epoch": "1274760000", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-05-25T12:51:00", "cvss_created-epoch": "1274791860", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-7507", "summary": "GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. 
This could lead to a crash of the GnuTLS server application.", "cvss": "5.0", "published": "2017-06-16T19:29:00", "modified": "2018-01-05T02:31:51", "published-epoch": "1497641340", "modified-epoch": "1515119511", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-06-27T23:46:22", "cvss_created-epoch": "1498607182", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1949", "summary": "The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.", "cvss": "9.3", "published": "2008-05-21T13:24:00", "modified": "2017-09-29T01:30:57", "published-epoch": "1211376240", "modified-epoch": "1506648657", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-05-21T14:28:00", "cvss_created-epoch": "1211380080", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["crypto", "protocol"], "homepage": "https://gnutls.org/", "upstream-source": "https://gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.18.tar.xz", "latest-version": "3.5.18", "short_version": "2.12.23-12ubuntu2.2", "latest_cmp": false, "url": 
"https://gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.18.tar.xz", "codetype": "Native", "coverity_scan": {"name": "GnuTLS", "language": "C/C++", "id": 77, "homepage_url": "http://www.gnutls.org", "details": {"loc": 242815, "defect_density": {"comparison": 0.5, "over_time": [{"2016-05-10": 0.47}], "score": 0.47, "verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2016-05-10", "project_url": "https://scan.coverity.com/projects/gnutls", "version": "3.5.0", "cwe": [{"name": "Integer Overflow or Wraparound", "defect_count": 2, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}]}, "repo_url": "https://github.com/gnutls/gnutls", "slug": "gnutls", "mapped-name": "gnutls"}}, {"extended-objects": [{"confidence": 0.8666666666666667, "sha1": "d39d8732dd68c6167aba7ff8f126db377b509c73", "name": "grep", "timestamp": 1390065148, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/grep"], "type": "native"}, {"confidence": 0.5333333333333333, "sha1": "25ff1d25e7e7e6b9be6cd07c53b98213c3b142a2", "name": "egrep", "timestamp": 1390065148, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/egrep"], "type": "native"}, {"confidence": 0.5111111111111111, "sha1": "59bb67e545ac1951ac0f274ff63e8d2cc78ef420", "name": "fgrep", "timestamp": 1390065148, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/fgrep"], "type": "native"}], "objects": ["grep", "egrep", "fgrep"], "version": "2.16-1", "lib": "grep", "distro_version": "2.16-1", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:grep:2.16-1"], 
"latest_version": "3.1", "vuln-count": {"total": 2, "exact": 0, "historical": 2}, "vulns": [{"vuln": {"cve": "CVE-2012-5667", "summary": "Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.", "cvss": "4.4", "published": "2013-01-03T11:54:25", "modified": "2016-12-24T02:59:00", "published-epoch": "1357214065", "modified-epoch": "1482548340", "cwe": "CWE-189", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-01-03T17:22:00", "cvss_created-epoch": "1357233720", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-1345", "summary": "The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.", "cvss": "2.1", "published": "2015-02-12T16:59:03", "modified": "2016-12-24T02:59:06", "published-epoch": "1423760343", "modified-epoch": "1482548346", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-02-12T19:27:23", "cvss_created-epoch": "1423769243", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["utility"], "homepage": "https://www.gnu.org/software/grep/", "upstream-source": "https://ftp.gnu.org/gnu/grep/grep-3.1.tar.xz", "latest-version": "3.1", "short_version": "2.16-1", "latest_cmp": false, "url": 
"https://ftp.gnu.org/gnu/grep/grep-3.1.tar.xz", "codetype": "Native", "coverity_scan": {"name": "grep", "language": "C/C++", "id": 3710, "homepage_url": "", "details": {"loc": 51513, "defect_density": {"comparison": 0.35, "over_time": [null], "score": 0.31, "verdict": "low", "loc_range": "less than 100,000"}, "build_date": "2014-12-15", "project_url": "https://scan.coverity.com/projects/grep", "version": "Version", "cwe": []}, "repo_url": "git.sv.gnu.org:/srv/git/grep.git", "slug": "grep", "mapped-name": "grep"}}, {"extended-objects": [{"confidence": 1.0, "sha1": "d7fb2f2e44294b959b2366f0d9f661ad9571a2d7", "name": "gzip", "timestamp": 1389348330, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/gzip"], "type": "native"}], "objects": ["gzip"], "version": "1.6-3ubuntu1", "lib": "gzip", "distro_version": "1.6-3ubuntu1", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:gzip:1.6-3ubuntu1"], "latest_version": "1.9", "vuln-count": {"total": 13, "exact": 0, "historical": 13}, "vulns": [{"vuln": {"cve": "CVE-2009-2624", "summary": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. 
NOTE: this issue is caused by a CVE-2006-4334 regression.", "cvss": "6.8", "published": "2010-01-29T18:30:00", "modified": "2010-11-18T06:29:52", "published-epoch": "1264789800", "modified-epoch": "1290061792", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-01-31T22:31:00", "cvss_created-epoch": "1264977060", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2004-0603", "summary": "gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.", "cvss": "10.0", "published": "2004-12-06T05:00:00", "modified": "2017-07-11T01:30:18", "published-epoch": "1102309200", "modified-epoch": "1499736618", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-0758", "summary": "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.", "cvss": "4.6", "published": "2005-05-13T04:00:00", "modified": "2017-10-11T01:30:00", "published-epoch": "1115956800", "modified-epoch": "1507685400", "cwe": 
null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-02T18:21:00", "cvss_created-epoch": "1117736460", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2001-1228", "summary": "Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.", "cvss": "7.5", "published": "2001-11-18T05:00:00", "modified": "2008-09-10T19:09:58", "published-epoch": "1006059600", "modified-epoch": "1221073798", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-1228", "summary": "Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. 
(dot dot) in the original filename within a compressed file.", "cvss": "5.0", "published": "2005-05-02T04:00:00", "modified": "2017-10-11T01:30:05", "published-epoch": "1115006400", "modified-epoch": "1507685405", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-05-11T14:11:00", "cvss_created-epoch": "1115820660", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-4338", "summary": "unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.", "cvss": "5.0", "published": "2006-09-19T21:07:00", "modified": "2017-10-11T01:31:11", "published-epoch": "1158700020", "modified-epoch": "1507685471", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-22T05:47:00", "cvss_created-epoch": "1158904020", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-0988", "summary": "Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.", "cvss": "3.7", "published": "2005-05-02T04:00:00", "modified": "2017-10-11T01:30:02", "published-epoch": "1115006400", "modified-epoch": "1507685402", "cwe": null, 
"cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-14T01:13:00", "cvss_created-epoch": "1118711580", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-4337", "summary": "Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.", "cvss": "7.5", "published": "2006-09-19T21:07:00", "modified": "2017-10-11T01:31:11", "published-epoch": "1158700020", "modified-epoch": "1507685471", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-22T05:46:00", "cvss_created-epoch": "1158903960", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2004-0970", "summary": "The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. 
NOTE: the znew vulnerability may overlap CVE-2003-0367.", "cvss": "2.1", "published": "2005-02-09T05:00:00", "modified": "2017-07-11T01:30:37", "published-epoch": "1107925200", "modified-epoch": "1499736637", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-4334", "summary": "Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.", "cvss": "5.0", "published": "2006-09-19T21:07:00", "modified": "2017-10-11T01:31:11", "published-epoch": "1158700020", "modified-epoch": "1507685471", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-22T05:45:00", "cvss_created-epoch": "1158903900", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-0001", "summary": "Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.", "cvss": "6.8", "published": "2010-01-29T18:30:00", "modified": "2017-09-19T01:30:09", "published-epoch": 
"1264789800", "modified-epoch": "1505784609", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-02-01T01:09:00", "cvss_created-epoch": "1264986540", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-4335", "summary": "Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a \"stack modification vulnerability.\"", "cvss": "7.5", "published": "2006-09-19T21:07:00", "modified": "2017-10-11T01:31:11", "published-epoch": "1158700020", "modified-epoch": "1507685471", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-22T05:46:00", "cvss_created-epoch": "1158903960", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-4336", "summary": "Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.", "cvss": "7.5", "published": "2006-09-19T21:07:00", "modified": "2017-10-11T01:31:11", "published-epoch": "1158700020", "modified-epoch": "1507685471", "cwe": null, "cvss_access_vector": 
"NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-21T18:18:00", "cvss_created-epoch": "1158862680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["compression"], "homepage": "https://www.gnu.org/software/gzip", "upstream-source": "https://ftp.gnu.org/gnu/gzip/gzip-1.9.tar.gz", "latest-version": "1.9", "short_version": "1.6-3ubuntu1", "latest_cmp": false, "url": "https://ftp.gnu.org/gnu/gzip/gzip-1.9.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.982174688057041, "sha1": "dc3b3c10bf8b64a5181681b0577828aaf83c68be", "name": "libkrb5.so.26.0.0", "timestamp": 1425513551, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libkrb5.so.26.0.0"], "type": "native"}, {"confidence": 1.0, "sha1": "47ebb5bed8052520c229f680407c2e6ca153eeee", "name": "libgssapi.so.3.0.0", "timestamp": 1425513552, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libgssapi.so.3.0.0"], "type": "native", "source-match": "gssapi"}, {"confidence": 1.0, "sha1": "eeb29edbfe4831f17b2cede868db0989534bd998", "name": "libasn1.so.8.0.0", "timestamp": 1425513551, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libasn1.so.8.0.0"], "type": "native", "source-match": "asn1"}], "objects": ["libkrb5.so.26.0.0"], "version": 
"1.6~git20131207+dfsg-1ubuntu1.1", "lib": "heimdal", "distro_version": "1.6~git20131207+dfsg-1ubuntu1.1", "distro": "ubuntu", "cpe": ["cpe:/a:heimdal_project:heimdal:1.6~git20131207+dfsg-1ubuntu1.1", "cpe:/a:freebsd:heimdal:1.6~git20131207+dfsg-1ubuntu1.1"], "latest_version": "7.5.0", "vuln-count": {"total": 14, "exact": 3, "historical": 11}, "vulns": [{"vuln": {"cve": "CVE-2017-17439", "summary": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.", "cvss": "5.0", "published": "2017-12-06T15:29:00", "modified": "2017-12-30T02:29:02", "published-epoch": "1512574140", "modified-epoch": "1514600942", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-19T14:52:15", "cvss_created-epoch": "1513695135", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true}, {"vuln": {"cve": "CVE-2017-6594", "summary": "The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.", "cvss": "5.0", "published": "2017-08-28T19:29:01", "modified": "2017-09-08T20:43:28", "published-epoch": "1503948541", "modified-epoch": "1504903408", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-08T17:08:20", "cvss_created-epoch": "1504890500", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": true}, {"vuln": {"cve": "CVE-2007-5939", "summary": "The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.", "cvss": "10.0", "published": "2007-12-06T15:46:00", "modified": "2008-11-15T07:02:43", "published-epoch": "1196955960", "modified-epoch": "1226732563", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-12-06T19:35:00", "cvss_created-epoch": "1196969700", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-1225", "summary": "Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.", "cvss": "10.0", "published": "2002-10-28T05:00:00", "modified": "2016-10-18T02:24:55", "published-epoch": "1035781200", "modified-epoch": "1476757495", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-0677", "summary": "telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference.", "cvss": "7.8", "published": "2006-02-14T11:06:00", "modified": "2017-07-20T01:29:58", "published-epoch": "1139915160", "modified-epoch": "1500514198", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-02-14T12:40:00", "cvss_created-epoch": "1139920800", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2004-0434", "summary": "k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.", "cvss": "10.0", "published": "2004-07-07T04:00:00", "modified": "2017-07-11T01:30:09", "published-epoch": "1089172800", "modified-epoch": "1499736609", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-4862", "summary": "Buffer 
overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.", "cvss": "10.0", "published": "2011-12-25T01:55:02", "modified": "2017-08-29T01:30:36", "published-epoch": "1324778102", "modified-epoch": "1503970236", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-12-26T21:08:00", "cvss_created-epoch": "1324933680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-3084", "summary": "The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. 
NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.", "cvss": "7.2", "published": "2006-08-09T10:04:00", "modified": "2011-07-25T04:00:00", "published-epoch": "1155117840", "modified-epoch": "1311566400", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-08-10T12:37:00", "cvss_created-epoch": "1155213420", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-0754", "summary": "Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.", "cvss": "7.2", "published": "2002-08-12T04:00:00", "modified": "2008-09-05T20:28:51", "published-epoch": "1029124800", "modified-epoch": "1220646531", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-1226", "summary": "Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).", "cvss": "10.0", "published": "2002-10-28T05:00:00", "modified": "2016-10-18T02:24:56", 
"published-epoch": "1035781200", "modified-epoch": "1476757496", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-3083", "summary": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.", "cvss": "7.2", "published": "2006-08-09T10:04:00", "modified": "2017-10-11T01:31:00", "published-epoch": "1155117840", "modified-epoch": "1507685460", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-08-10T12:33:00", "cvss_created-epoch": "1155213180", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2017-11103", "summary": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. 
Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.", "cvss": "6.8", "published": "2017-07-13T13:29:00", "modified": "2017-11-14T02:29:00", "published-epoch": "1499952540", "modified-epoch": "1510626540", "cwe": "CWE-345", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-18T18:42:25", "cvss_created-epoch": "1500403345", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.1"}, "exact": true, "timestamp-objects": ["libkrb5.so.26.0.0"]}, {"vuln": {"cve": "CVE-2004-0371", "summary": "Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.", "cvss": "5.0", "published": "2004-05-04T04:00:00", "modified": "2017-07-11T01:30:06", "published-epoch": "1083643200", "modified-epoch": "1499736606", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-0582", "summary": "Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 
0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.", "cvss": "2.1", "published": "2006-02-08T01:02:00", "modified": "2017-07-20T01:29:53", "published-epoch": "1139360520", "modified-epoch": "1500514193", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-02-08T14:13:00", "cvss_created-epoch": "1139407980", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["asn1", "crypto", "parser", "protocol"], "homepage": "https://www.h5l.org", "upstream-source": "https://github.com/heimdal/heimdal/releases/download/heimdal-7.5.0/heimdal-7.5.0.tar.gz", "latest-version": "7.5.0", "short_version": "1.6~git20131207+dfsg-1ubuntu1.1", "latest_cmp": false, "url": "https://github.com/heimdal/heimdal/releases/download/heimdal-7.5.0/heimdal-7.5.0.tar.gz", "codetype": "Native", "coverity_scan": {"name": "heimdal/heimdal", "language": "C/C++", "id": 85, "homepage_url": "http://www.h5l.org", "details": {"loc": 28922, "defect_density": {"comparison": 0.35, "over_time": [{"2016-07-09": 0.52}], "score": 0.52, "verdict": "high", "loc_range": "less than 100,000"}, "build_date": "2016-07-09", "project_url": "https://scan.coverity.com/projects/heimdal-heimdal", "version": "36adfc1", "cwe": []}, "repo_url": "https://github.com/heimdal/heimdal.git", "slug": "heimdal-heimdal", "mapped-name": "heimdal"}}, {"extended-objects": [{"confidence": 0.3033033033033033, "sha1": "d59535ac9ea34d8fe8b18c45263c6678fc3a9046", "name": "libgssapi_krb5.so.2.2", "timestamp": 1423257185, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", 
"2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2"], "type": "native", "source-match": "gssapi"}], "objects": ["libgssapi.so.3.0.0", "libgssapi_krb5.so.2.2", "libasn1.so.8.0.0"], "version": null, "lib": "heimdal", "distro_version": null, "distro": "ubuntu", "cpe": ["cpe:/a:heimdal_project:heimdal:", "cpe:/a:freebsd:heimdal:"], "latest_version": "7.5.0", "vuln-count": {"total": 14, "exact": 3, "historical": 11}, "vulns": [{"vuln": {"cve": "CVE-2017-6594", "summary": "The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.", "cvss": "5.0", "published": "2017-08-28T19:29:01", "modified": "2017-09-08T20:43:28", "published-epoch": "1503948541", "modified-epoch": "1504903408", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-08T17:08:20", "cvss_created-epoch": "1504890500", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": true, "timestamp-objects": ["libgssapi_krb5.so.2.2"]}, {"vuln": {"cve": "CVE-2007-5939", "summary": "The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. 
NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.", "cvss": "10.0", "published": "2007-12-06T15:46:00", "modified": "2008-11-15T07:02:43", "published-epoch": "1196955960", "modified-epoch": "1226732563", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-12-06T19:35:00", "cvss_created-epoch": "1196969700", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-0754", "summary": "Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.", "cvss": "7.2", "published": "2002-08-12T04:00:00", "modified": "2008-09-05T20:28:51", "published-epoch": "1029124800", "modified-epoch": "1220646531", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-1225", "summary": "Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.", "cvss": "10.0", "published": "2002-10-28T05:00:00", "modified": "2016-10-18T02:24:55", "published-epoch": "1035781200", "modified-epoch": "1476757495", "cwe": null, "cvss_access_vector": 
"NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-1226", "summary": "Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).", "cvss": "10.0", "published": "2002-10-28T05:00:00", "modified": "2016-10-18T02:24:56", "published-epoch": "1035781200", "modified-epoch": "1476757496", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2017-11103", "summary": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. 
NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.", "cvss": "6.8", "published": "2017-07-13T13:29:00", "modified": "2017-11-14T02:29:00", "published-epoch": "1499952540", "modified-epoch": "1510626540", "cwe": "CWE-345", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-18T18:42:25", "cvss_created-epoch": "1500403345", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.1"}, "exact": true, "timestamp-objects": ["libgssapi_krb5.so.2.2"]}, {"vuln": {"cve": "CVE-2017-17439", "summary": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. 
This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.", "cvss": "5.0", "published": "2017-12-06T15:29:00", "modified": "2017-12-30T02:29:02", "published-epoch": "1512574140", "modified-epoch": "1514600942", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-19T14:52:15", "cvss_created-epoch": "1513695135", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "timestamp-objects": ["libgssapi_krb5.so.2.2"]}, {"vuln": {"cve": "CVE-2004-0371", "summary": "Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.", "cvss": "5.0", "published": "2004-05-04T04:00:00", "modified": "2017-07-11T01:30:06", "published-epoch": "1083643200", "modified-epoch": "1499736606", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2004-0434", "summary": "k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.", "cvss": "10.0", 
"published": "2004-07-07T04:00:00", "modified": "2017-07-11T01:30:09", "published-epoch": "1089172800", "modified-epoch": "1499736609", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-4862", "summary": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.", "cvss": "10.0", "published": "2011-12-25T01:55:02", "modified": "2017-08-29T01:30:36", "published-epoch": "1324778102", "modified-epoch": "1503970236", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-12-26T21:08:00", "cvss_created-epoch": "1324933680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-0582", "summary": "Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.", "cvss": "2.1", "published": "2006-02-08T01:02:00", "modified": "2017-07-20T01:29:53", "published-epoch": 
"1139360520", "modified-epoch": "1500514193", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-02-08T14:13:00", "cvss_created-epoch": "1139407980", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-0677", "summary": "telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference.", "cvss": "7.8", "published": "2006-02-14T11:06:00", "modified": "2017-07-20T01:29:58", "published-epoch": "1139915160", "modified-epoch": "1500514198", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-02-14T12:40:00", "cvss_created-epoch": "1139920800", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-3083", "summary": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.", "cvss": "7.2", "published": "2006-08-09T10:04:00", "modified": "2017-10-11T01:31:00", "published-epoch": "1155117840", "modified-epoch": "1507685460", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": 
"LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-08-10T12:33:00", "cvss_created-epoch": "1155213180", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-3084", "summary": "The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.", "cvss": "7.2", "published": "2006-08-09T10:04:00", "modified": "2011-07-25T04:00:00", "published-epoch": "1155117840", "modified-epoch": "1311566400", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-08-10T12:37:00", "cvss_created-epoch": "1155213420", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["security"], "homepage": "https://www.h5l.org", "upstream-source": "https://github.com/heimdal/heimdal/releases/download/heimdal-7.5.0/heimdal-7.5.0.tar.gz", "latest-version": "7.5.0", "short_version": "", "latest_cmp": null, "url": "https://github.com/heimdal/heimdal/releases/download/heimdal-7.5.0/heimdal-7.5.0.tar.gz", "codetype": "Native", "coverity_scan": {"name": "heimdal/heimdal", "language": "C/C++", "id": 85, "homepage_url": "http://www.h5l.org", "details": {"loc": 28922, "defect_density": {"comparison": 0.35, 
"over_time": [{"2016-07-09": 0.52}], "score": 0.52, "verdict": "high", "loc_range": "less than 100,000"}, "build_date": "2016-07-09", "project_url": "https://scan.coverity.com/projects/heimdal-heimdal", "version": "36adfc1", "cwe": []}, "repo_url": "https://github.com/heimdal/heimdal.git", "slug": "heimdal-heimdal", "mapped-name": "heimdal"}}, {"extended-objects": [{"confidence": 0.989247311827957, "sha1": "1a36d2ca31cb6f229368c0b2ccd2362b045f1e32", "name": "iconv", "timestamp": 1424883452, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/iconv"], "type": "native"}, {"confidence": 0.6129032258064516, "sha1": "bc4d3005de82b41a7fa417f3497c5ed4845f9a08", "name": "localedef", "timestamp": 1424883452, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/localedef"], "type": "native"}], "objects": ["iconv", "localedef"], "version": "2.19", "lib": "iconv", "distro_version": "2.19", "distro": "ubuntu", "latest_version": "1.15", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["utility"], "homepage": "https://www.gnu.org/software/libiconv/", "upstream-source": "https://ftp.gnu.org/gnu/libiconv/libiconv-1.15.tar.gz", "latest-version": "1.15", "short_version": "2.19", "latest_cmp": true, "url": "https://ftp.gnu.org/gnu/libiconv/libiconv-1.15.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.8888888888888888, "sha1": "8f982a2db98e2d4fa04e142d6f88b172698e2dbf", "name": "ip", "timestamp": 1392631473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", 
"cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/ip"], "type": "native", "source-match": "libnetlink"}, {"confidence": 0.7407407407407407, "sha1": "ecdc59cb14c097e3ff9f769028317e4c914603f2", "name": "tc", "timestamp": 1392631473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/tc"], "type": "native", "source-match": "libnetlink"}, {"confidence": 0.7407407407407407, "sha1": "7f6160345271f42124c787359ca173e6e5f2a6a9", "name": "rtmon", "timestamp": 1392631473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/rtmon"], "type": "native", "source-match": "libnetlink"}, {"confidence": 0.7037037037037037, "sha1": "54037456015aa524789e764ca593fc92d1fb78c9", "name": "arpd", "timestamp": 1392631473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/arpd"], "type": "native", "source-match": "libnetlink"}, {"confidence": 0.7407407407407407, "sha1": "2ce9b85022ce1a252e6d8e113b425344fc6ce615", "name": "bridge", "timestamp": 1392631473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/bridge"], "type": "native", "source-match": "libnetlink"}, {"confidence": 0.7407407407407407, "sha1": "dd240ad846f9610d577778caed9410fdc3e385fa", "name": "ss", "timestamp": 1392631473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", 
"cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/ss"], "type": "native", "source-match": "libnetlink"}], "objects": ["ip", "tc", "rtmon", "arpd", "bridge", "ss"], "version": "3.12.0-2", "lib": "iproute2", "distro_version": "3.12.0-2", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2012-1088", "summary": "iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.", "cvss": "3.3", "published": "2014-02-15T14:57:07", "modified": "2016-08-23T02:05:11", "published-epoch": "1392476227", "modified-epoch": "1471917911", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-02-17T22:48:22", "cvss_created-epoch": "1392677302", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["protocol"], "homepage": "http://www.linuxfoundation.org/collaborate/workgroups/networking/", "short_version": "3.12.0-2", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "Iproute2", "language": "C/C++", "id": 6209, "homepage_url": "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2", "details": {"loc": 94524, "defect_density": {"comparison": 0.35, "over_time": [null], "score": 1.31, "verdict": "high", "loc_range": "less than 100,000"}, "build_date": "2015-08-31", "project_url": "https://scan.coverity.com/projects/iproute2", "version": "4.2.0", "cwe": [{"name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "defect_count": 5, "id": 120, "rank": 3, "uri": "http://cwe.mitre.org/top25/#CWE-120"}, 
{"name": "Integer Overflow or Wraparound", "defect_count": 1, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}, {"name": "Use of Potentially Dangerous Function", "defect_count": 1, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": "git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git", "slug": "iproute2", "mapped-name": "iproute2"}}, {"extended-objects": [{"confidence": 1.0, "sha1": "2e19e3667a617f9381357e580f935ee783a98025", "name": "ping", "timestamp": 1399499506, "binary-type": "unknown", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/ping"], "type": "native"}, {"confidence": 0.46564885496183206, "sha1": "af56f12d4bbf3bdf8627ded6bf6acfa7e66c55a5", "name": "ping6", "timestamp": 1399499506, "binary-type": "unknown", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/ping6"], "type": "native"}], "objects": ["ping", "ping6"], "version": "20121221-4ubuntu1.1", "lib": "iputils", "distro_version": "20121221-4ubuntu1.1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 3, "exact": 0, "historical": 3}, "vulns": [{"vuln": {"cve": "CVE-2000-1214", "summary": "Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.", "cvss": "4.6", "published": "2000-10-18T04:00:00", "modified": "2016-10-18T02:09:20", "published-epoch": "971841600", "modified-epoch": "1476756560", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-1213", "summary": "ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.", "cvss": "7.5", "published": "2000-10-18T04:00:00", "modified": "2016-10-18T02:09:18", "published-epoch": "971841600", "modified-epoch": "1476756558", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-2529", "summary": "Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.", "cvss": "5.0", "published": "2010-07-28T12:48:52", "modified": "2010-07-28T04:00:00", "published-epoch": "1280321332", "modified-epoch": "1280289600", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-07-28T16:13:00", "cvss_created-epoch": "1280333580", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["client", "protocol"], "homepage": "https://github.com/iputils/iputils", "short_version": 
"20121221-4ubuntu1.1", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "iputils/iputils", "language": "C/C++", "id": 1944, "homepage_url": "https://github.com/iputils/iputils", "details": {"loc": 37388, "defect_density": {"comparison": 0.35, "over_time": [{"2017-08-05": 0.35}], "score": 0.35, "verdict": "equal", "loc_range": "less than 100,000"}, "build_date": "2017-08-05", "project_url": "https://scan.coverity.com/projects/iputils-iputils", "version": "60aa6f2", "cwe": []}, "repo_url": "https://github.com/iputils/iputils.git", "slug": "iputils-iputils", "mapped-name": "iputils"}}, {"extended-objects": [{"confidence": 1.0, "sha1": "b18eef709784c56c61372c1d61b7af0f168616ca", "name": "libjson-c.so.2.0.0", "timestamp": 1401824447, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libjson-c.so.2.0.0"], "type": "native"}], "objects": ["libjson-c.so.2.0.0"], "version": "0.11-3ubuntu1.2", "lib": "json-c", "distro_version": "0.11-3ubuntu1.2", "distro": "ubuntu", "cpe": ["cpe:/a:json-c_project:json-c:0.11-3ubuntu1.2"], "latest_version": "0.12.1", "vuln-count": {"total": 2, "exact": 0, "historical": 2}, "vulns": [{"vuln": {"cve": "CVE-2013-6370", "summary": "Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.", "cvss": "5.0", "published": "2014-04-22T13:06:26", "modified": "2017-08-29T01:33:58", "published-epoch": "1398171986", "modified-epoch": "1503970438", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-21T21:44:12", "cvss_created-epoch": "1479764652", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2013-6371", "summary": "The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.", "cvss": "5.0", "published": "2014-04-22T13:06:26", "modified": "2017-08-29T01:33:58", "published-epoch": "1398171986", "modified-epoch": "1503970438", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-21T21:45:04", "cvss_created-epoch": "1479764704", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}], "tags": ["parser"], "homepage": "https://github.com/json-c/json-c/wiki", "upstream-source": "https://github.com/json-c/json-c/archive/json-c-0.12.1-20160607.tar.gz", "latest-version": "0.12.1", "short_version": "0.11-3ubuntu1.2", "latest_cmp": false, "url": "https://github.com/json-c/json-c/archive/json-c-0.12.1-20160607.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.8828828828828829, "sha1": "b8d5bafa0bc3adda26671161873d6debefadb74b", "name": "libkrb5.so.3.3", "timestamp": 1423257185, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libkrb5.so.3.3"], "type": "native"}], 
"objects": ["libkrb5.so.3.3"], "version": "1.12+dfsg-2ubuntu5.1", "lib": "kerberos", "distro_version": "1.12+dfsg-2ubuntu5.1", "distro": "ubuntu", "cpe": ["cpe:/a:mit:kerberos:1.12+dfsg-2ubuntu5.1"], "latest_version": "1.16", "vuln-count": {"total": 123, "exact": 8, "historical": 115}, "vulns": [{"vuln": {"cve": "CVE-2014-5353", "summary": "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.", "cvss": "3.5", "published": "2014-12-16T23:59:00", "modified": "2018-02-04T02:29:00", "published-epoch": "1418774340", "modified-epoch": "1517711340", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-15T14:32:43", "cvss_created-epoch": "1481812363", "cvss2_vector": "AV:N/AC:M/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-2695", "summary": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", "cvss": "7.1", "published": "2015-11-09T03:59:00", "modified": "2017-07-01T01:29:15", "published-epoch": "1447041540", "modified-epoch": "1498872555", "cwe": "CWE-18", 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-09T16:54:44", "cvss_created-epoch": "1447088084", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 323, "vuln_id": "CVE-2015-2695", "component": "kerberos", "vendor": null, "codetype": "NA", "version": "1.12+dfsg-2ubuntu5.1", "modified": "2018-03-22T23:21:14.974338", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-2696", "summary": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", "cvss": "7.1", "published": "2015-11-09T03:59:02", "modified": "2017-07-01T01:29:15", "published-epoch": "1447041542", "modified-epoch": "1498872555", "cwe": "CWE-18", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-09T16:56:15", "cvss_created-epoch": "1447088175", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 320, "vuln_id": "CVE-2015-2696", "component": "kerberos", "vendor": null, "codetype": "NA", "version": "1.12+dfsg-2ubuntu5.1", "modified": "2018-03-22T23:21:14.952527", "scope": "FN", "reason": "VP", "description": "", "user": 
{"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-2697", "summary": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", "cvss": "6.8", "published": "2015-11-09T03:59:03", "modified": "2017-07-01T01:29:15", "published-epoch": "1447041543", "modified-epoch": "1498872555", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-09T16:57:58", "cvss_created-epoch": "1447088278", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 329, "vuln_id": "CVE-2015-2697", "component": "kerberos", "vendor": null, "codetype": "NA", "version": "1.12+dfsg-2ubuntu5.1", "modified": "2018-03-22T23:21:15.015110", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8629", "summary": "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.", "cvss": "2.1", "published": "2016-02-13T02:59:00", "modified": "2016-12-06T03:04:03", "published-epoch": "1455332340", "modified-epoch": "1480993443", "cwe": 
"CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-02-17T16:28:50", "cvss_created-epoch": "1455726530", "cvss2_vector": "AV:N/AC:H/Au:S:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss3_score": "3.1"}, "exact": true, "triage": [{"id": 335, "vuln_id": "CVE-2015-8629", "component": "kerberos", "vendor": null, "codetype": "NA", "version": "1.12+dfsg-2ubuntu5.1", "modified": "2018-03-22T23:21:15.073823", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8631", "summary": "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.", "cvss": "6.8", "published": "2016-02-13T02:59:02", "modified": "2016-12-06T03:04:05", "published-epoch": "1455332342", "modified-epoch": "1480993445", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-02-17T15:29:15", "cvss_created-epoch": "1455722955", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "triage": [{"id": 326, "vuln_id": "CVE-2015-8631", "component": "kerberos", "vendor": null, "codetype": "NA", "version": "1.12+dfsg-2ubuntu5.1", "modified": 
"2018-03-22T23:21:14.995474", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-15088", "summary": "plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.", "cvss": "7.5", "published": "2017-11-23T17:29:00", "modified": "2017-12-12T18:05:37", "published-epoch": "1511458140", "modified-epoch": "1513101937", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-12T17:49:45", "cvss_created-epoch": "1513100985", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 318, "vuln_id": "CVE-2017-15088", "component": "kerberos", "vendor": null, "codetype": "NA", "version": "1.12+dfsg-2ubuntu5.1", "modified": "2018-03-22T23:21:14.911511", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-5709", "summary": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. 
There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": "5.0", "published": "2018-01-16T09:29:00", "modified": "2018-02-02T17:24:19", "published-epoch": "1516094940", "modified-epoch": "1517592259", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-02T16:28:24", "cvss_created-epoch": "1517588904", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 330, "vuln_id": "CVE-2018-5709", "component": "kerberos", "vendor": null, "codetype": "NA", "version": "1.12+dfsg-2ubuntu5.1", "modified": "2018-03-22T23:21:15.034075", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-5710", "summary": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. 
The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.", "cvss": "4.0", "published": "2018-01-16T09:29:00", "modified": "2018-02-02T17:26:20", "published-epoch": "1516094940", "modified-epoch": "1517592380", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-02T16:21:29", "cvss_created-epoch": "1517588489", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "triage": [{"id": 333, "vuln_id": "CVE-2018-5710", "component": "kerberos", "vendor": null, "codetype": "NA", "version": "1.12+dfsg-2ubuntu5.1", "modified": "2018-03-22T23:21:15.055094", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2007-5894", "summary": "** DISPUTED ** The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. 
NOTE: the vendor disputes this issue, stating \" The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.\"", "cvss": "9.3", "published": "2007-12-06T02:46:00", "modified": "2008-11-15T05:00:00", "published-epoch": "1196909160", "modified-epoch": "1226725200", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-12-06T16:46:00", "cvss_created-epoch": "1196959560", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-3119", "summary": "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.", "cvss": "3.5", "published": "2016-03-26T01:59:05", "modified": "2018-02-04T02:29:02", "published-epoch": "1458957545", "modified-epoch": "1517711342", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-21T19:31:23", "cvss_created-epoch": "1482348683", "cvss2_vector": "AV:N/AC:M/Au:S:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.3"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0847", "summary": "The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 
1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.", "cvss": "4.3", "published": "2009-04-09T00:30:00", "modified": "2017-09-29T01:34:04", "published-epoch": "1239237000", "modified-epoch": "1506648844", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-04-09T13:07:00", "cvss_created-epoch": "1239282420", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-5354", "summary": "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command.", "cvss": "3.5", "published": "2014-12-16T23:59:01", "modified": "2017-01-03T02:59:06", "published-epoch": "1418774341", "modified-epoch": "1483412346", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-12-17T19:04:57", "cvss_created-epoch": "1418843097", "cvss2_vector": "AV:N/AC:M/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-0488", "summary": "Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow 
remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.", "cvss": "5.0", "published": "2005-06-14T04:00:00", "modified": "2017-10-11T01:29:56", "published-epoch": "1118721600", "modified-epoch": "1507685396", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-16T14:35:00", "cvss_created-epoch": "1118932500", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4743", "summary": "The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.", "cvss": "10.0", "published": "2007-09-06T22:17:00", "modified": "2017-09-29T01:29:22", "published-epoch": "1189117020", "modified-epoch": "1506648562", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-09-07T14:48:00", "cvss_created-epoch": "1189176480", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4151", "summary": "The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers 
to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.", "cvss": "7.8", "published": "2011-10-20T21:55:01", "modified": "2017-08-29T01:30:27", "published-epoch": "1319147701", "modified-epoch": "1503970227", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-10-21T12:51:00", "cvss_created-epoch": "1319201460", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0546", "summary": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.", "cvss": "5.0", "published": "2000-06-09T04:00:00", "modified": "2008-09-10T19:05:01", "published-epoch": "960523200", "modified-epoch": "1221073501", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-5902", "summary": "Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.", "cvss": "10.0", "published": "2007-12-06T02:46:00", "modified": "2010-05-27T05:19:07", "published-epoch": "1196909160", "modified-epoch": "1274937547", "cwe": "CWE-189", "cvss_access_vector": 
"NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-12-06T16:55:00", "cvss_created-epoch": "1196960100", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-6144", "summary": "The \"mechglue\" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.", "cvss": "5.0", "published": "2006-12-31T05:00:00", "modified": "2017-07-29T01:29:21", "published-epoch": "1167541200", "modified-epoch": "1501291761", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-01-10T15:12:00", "cvss_created-epoch": "1168441920", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0281", "summary": "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence.", "cvss": "5.0", "published": "2011-02-10T18:00:55", "modified": "2017-08-17T01:33:26", "published-epoch": "1297360855", "modified-epoch": "1502933606", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-02-10T22:55:00", "cvss_created-epoch": "1297378500", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0642", "summary": "Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.", "cvss": "7.5", "published": "2004-09-28T04:00:00", "modified": "2017-10-11T01:29:30", "published-epoch": "1096344000", "modified-epoch": "1507685370", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-1321", "summary": "Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.", "cvss": "7.5", "published": "1998-11-05T05:00:00", "modified": "2008-09-05T20:19:14", "published-epoch": "910242000", "modified-epoch": "1220645954", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0391", "summary": "Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.", "cvss": "10.0", "published": "2000-05-16T04:00:00", "modified": "2008-09-10T19:04:34", "published-epoch": "958449600", "modified-epoch": "1221073474", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-0554", "summary": "Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.", "cvss": "10.0", "published": "2001-08-14T04:00:00", "modified": "2017-10-10T01:29:47", "published-epoch": "997761600", "modified-epoch": "1507598987", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-8630", "summary": "The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 
1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.", "cvss": "5.0", "published": "2016-02-13T02:59:01", "modified": "2016-12-06T03:04:04", "published-epoch": "1455332341", "modified-epoch": "1480993444", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-09T18:46:00", "cvss_created-epoch": "1457549160", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1417", "summary": "do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.", "cvss": "3.5", "published": "2013-11-20T14:12:44", "modified": "2014-01-28T04:51:27", "published-epoch": "1384956764", "modified-epoch": "1390884687", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-11-20T17:38:15", "cvss_created-epoch": "1384969095", "cvss2_vector": "AV:N/AC:M/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0772", "summary": "Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to 
execute arbitrary code.", "cvss": "7.5", "published": "2004-10-20T04:00:00", "modified": "2017-10-11T01:29:33", "published-epoch": "1098244800", "modified-epoch": "1507685373", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1016", "summary": "The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.", "cvss": "4.3", "published": "2013-03-05T04:54:02", "modified": "2013-10-11T03:41:34", "published-epoch": "1362459242", "modified-epoch": "1381462894", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-03-05T15:16:00", "cvss_created-epoch": "1362496560", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0060", "summary": "Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.", "cvss": 
"7.5", "published": "2003-02-19T05:00:00", "modified": "2017-07-11T01:29:27", "published-epoch": "1045630800", "modified-epoch": "1499736567", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0845", "summary": "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.", "cvss": "5.0", "published": "2009-03-27T16:30:02", "modified": "2017-09-29T01:34:04", "published-epoch": "1238171402", "modified-epoch": "1506648844", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-03-30T13:20:00", "cvss_created-epoch": "1238419200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0549", "summary": "Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.", "cvss": "5.0", "published": "2000-06-09T04:00:00", "modified": "2008-09-10T19:05:01", "published-epoch": "960523200", "modified-epoch": "1221073501", "cwe": null, "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0283", "summary": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.", "cvss": "5.0", "published": "2011-02-10T18:00:55", "modified": "2011-09-22T03:27:56", "published-epoch": "1297360855", "modified-epoch": "1316662076", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-02-10T23:18:00", "cvss_created-epoch": "1297379880", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-9421", "summary": "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.", "cvss": "9.0", "published": "2015-02-19T11:59:05", "modified": "2017-01-03T02:59:24", "published-epoch": "1424347145", "modified-epoch": "1483412364", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", 
"cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-24T17:27:55", "cvss_created-epoch": "1448386075", "cvss2_vector": "AV:N/AC:L/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1321", "summary": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.", "cvss": "6.8", "published": "2010-05-19T18:30:03", "modified": "2017-09-19T01:30:41", "published-epoch": "1274293803", "modified-epoch": "1505784641", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-05-20T13:41:00", "cvss_created-epoch": "1274362860", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0059", "summary": "Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.", "cvss": "7.5", "published": "2003-02-19T05:00:00", "modified": "2017-10-10T01:30:13", "published-epoch": "1045630800", "modified-epoch": "1507599013", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1012", "summary": "server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.", "cvss": "5.5", "published": "2012-06-07T19:55:07", "modified": "2012-06-12T04:00:00", "published-epoch": "1339098907", "modified-epoch": "1339473600", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-06-08T14:24:00", "cvss_created-epoch": "1339165440", "cvss2_vector": "AV:N/AC:L/Au:S:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-3999", "summary": "Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.", "cvss": "10.0", "published": "2007-09-05T10:17:00", "modified": "2017-09-29T01:29:11", "published-epoch": "1188987420", "modified-epoch": "1506648551", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-09-05T18:05:00", "cvss_created-epoch": "1189015500", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1324", "summary": "MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.", "cvss": "4.3", "published": "2010-12-02T16:22:20", "modified": "2017-09-19T01:30:41", "published-epoch": "1291306940", "modified-epoch": "1505784641", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-31T13:39:28", "cvss_created-epoch": "1459431568", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3_score": "3.7"}, "exact": false}, {"vuln": {"cve": "CVE-2014-5355", "summary": "MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.", "cvss": "5.0", "published": "2015-02-20T11:59:00", "modified": "2018-02-04T02:29:00", 
"published-epoch": "1424433540", "modified-epoch": "1517711340", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-24T17:27:55", "cvss_created-epoch": "1448386075", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-0957", "summary": "Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.", "cvss": "9.0", "published": "2007-04-06T01:19:00", "modified": "2017-10-11T01:31:41", "published-epoch": "1175822340", "modified-epoch": "1507685501", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-04-09T16:49:00", "cvss_created-epoch": "1176137340", "cvss2_vector": "AV:N/AC:L/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-1216", "summary": "Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\".", "cvss": "8.5", 
"published": "2007-04-06T01:19:00", "modified": "2017-10-11T01:31:47", "published-epoch": "1175822340", "modified-epoch": "1507685507", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-04-09T16:56:00", "cvss_created-epoch": "1176137760", "cvss2_vector": "AV:N/AC:M/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0058", "summary": "MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.", "cvss": "5.0", "published": "2003-02-19T05:00:00", "modified": "2017-10-10T01:30:13", "published-epoch": "1045630800", "modified-epoch": "1507599013", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1175", "summary": "Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.", "cvss": "7.5", "published": "2005-07-18T04:00:00", "modified": "2017-10-11T01:30:04", "published-epoch": "1121659200", "modified-epoch": "1507685404", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": 
"LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-07-18T13:52:00", "cvss_created-epoch": "1121694720", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1323", "summary": "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.", "cvss": "2.6", "published": "2010-12-02T16:22:20", "modified": "2017-09-19T01:30:41", "published-epoch": "1291306940", "modified-epoch": "1505784641", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-31T13:56:06", "cvss_created-epoch": "1459432566", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3_score": "3.7"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0082", "summary": "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka \"buffer underrun\").", "cvss": "5.0", "published": "2003-04-02T05:00:00", "modified": "2017-10-11T01:29:04", "published-epoch": "1049259600", "modified-epoch": "1507685344", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": 
"NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0644", "summary": "The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.", "cvss": "5.0", "published": "2004-09-28T04:00:00", "modified": "2017-10-11T01:29:30", "published-epoch": "1096344000", "modified-epoch": "1507685370", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-0417", "summary": "Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.", "cvss": "2.1", "published": "2001-06-27T04:00:00", "modified": "2008-09-05T20:24:03", "published-epoch": "993614400", "modified-epoch": "1220646243", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0523", "summary": "Multiple buffer 
overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.", "cvss": "10.0", "published": "2004-08-18T04:00:00", "modified": "2017-10-11T01:29:27", "published-epoch": "1092801600", "modified-epoch": "1507685367", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-4341", "summary": "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.", "cvss": "5.0", "published": "2014-07-20T11:12:50", "modified": "2017-08-29T01:34:56", "published-epoch": "1405854770", "modified-epoch": "1503970496", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-26T19:15:51", "cvss_created-epoch": "1472238951", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-5352", "summary": "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and 
daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.", "cvss": "9.0", "published": "2015-02-19T11:59:00", "modified": "2017-01-03T02:59:06", "published-epoch": "1424347140", "modified-epoch": "1483412346", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-24T17:27:55", "cvss_created-epoch": "1448386075", "cvss2_vector": "AV:N/AC:L/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0282", "summary": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.", "cvss": "5.0", "published": "2011-02-10T18:00:55", "modified": "2017-08-17T01:33:26", "published-epoch": "1297360855", "modified-epoch": "1502933606", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-02-10T23:05:00", "cvss_created-epoch": "1297379100", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0629", "summary": "Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.", "cvss": "4.0", "published": 
"2010-04-07T15:30:00", "modified": "2017-09-19T01:30:27", "published-epoch": "1270654200", "modified-epoch": "1505784627", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-04-08T13:52:00", "cvss_created-epoch": "1270734720", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1527", "summary": "The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.", "cvss": "7.8", "published": "2011-10-20T21:55:00", "modified": "2012-01-19T03:56:50", "published-epoch": "1319147700", "modified-epoch": "1326945410", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-10-21T12:36:00", "cvss_created-epoch": "1319200560", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-5351", "summary": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", "cvss": "2.1", "published": 
"2014-10-10T01:55:11", "modified": "2018-02-04T02:29:00", "published-epoch": "1412906111", "modified-epoch": "1517711340", "cwe": "CWE-255", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-12-30T19:30:51", "cvss_created-epoch": "1419967851", "cvss2_vector": "AV:N/AC:H/Au:S:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-9423", "summary": "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.", "cvss": "5.0", "published": "2015-02-19T11:59:07", "modified": "2016-11-28T19:13:56", "published-epoch": "1424347147", "modified-epoch": "1480360436", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-02-19T16:07:27", "cvss_created-epoch": "1424362047", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1526", "summary": "ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure 
script.", "cvss": "6.5", "published": "2011-07-11T20:55:01", "modified": "2018-01-06T02:29:02", "published-epoch": "1310417701", "modified-epoch": "1515205742", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-07-12T12:56:00", "cvss_created-epoch": "1310475360", "cvss2_vector": "AV:N/AC:L/Au:S:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0392", "summary": "Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.", "cvss": "7.2", "published": "2000-05-16T04:00:00", "modified": "2008-09-10T19:04:34", "published-epoch": "958449600", "modified-epoch": "1221073474", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-6143", "summary": "The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.", "cvss": "9.3", "published": "2006-12-31T05:00:00", "modified": "2017-07-29T01:29:21", "published-epoch": "1167541200", "modified-epoch": "1501291761", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-01-10T15:12:00", "cvss_created-epoch": "1168441920", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1174", "summary": "MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.", "cvss": "5.0", "published": "2005-07-18T04:00:00", "modified": "2017-10-11T01:30:04", "published-epoch": "1121659200", "modified-epoch": "1507685404", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-07-18T13:50:00", "cvss_created-epoch": "1121694600", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0389", "summary": "Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.", "cvss": "10.0", "published": "2000-05-16T04:00:00", "modified": "2008-09-10T19:04:34", "published-epoch": "958449600", "modified-epoch": "1221073474", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": 
{"cve": "CVE-2010-4022", "summary": "The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process \"exits abnormally,\" which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.", "cvss": "5.0", "published": "2011-02-10T18:00:18", "modified": "2011-09-22T03:25:41", "published-epoch": "1297360818", "modified-epoch": "1316661941", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-02-10T20:53:00", "cvss_created-epoch": "1297371180", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1418", "summary": "The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.", "cvss": "4.3", "published": "2013-11-18T03:55:05", "modified": "2018-02-04T02:29:00", "published-epoch": "1384746905", "modified-epoch": "1517711340", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-11-18T18:19:20", "cvss_created-epoch": "1384798760", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-4345", "summary": 
"Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.", "cvss": "8.5", "published": "2014-08-14T05:01:50", "modified": "2017-10-20T01:29:03", "published-epoch": "1407992510", "modified-epoch": "1508462943", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-14T18:09:44", "cvss_created-epoch": "1408039784", "cvss2_vector": "AV:N/AC:M/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-0956", "summary": "The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.", "cvss": "7.6", "published": "2007-04-06T01:19:00", "modified": "2017-10-11T01:31:41", "published-epoch": "1175822340", "modified-epoch": "1507685501", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-04-09T16:43:00", "cvss_created-epoch": "1176136980", "cvss2_vector": "AV:N/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-2443", "summary": "Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in 
the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.", "cvss": "7.9", "published": "2007-06-26T22:30:00", "modified": "2017-10-11T01:32:13", "published-epoch": "1182897000", "modified-epoch": "1507685533", "cwe": null, "cvss_access_vector": "ADJACENT_NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-06-27T18:12:00", "cvss_created-epoch": "1182967920", "cvss2_vector": "AV:A/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-0143", "summary": "Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.", "cvss": "4.6", "published": "1996-02-21T05:00:00", "modified": "2008-09-09T12:33:49", "published-epoch": "824878800", "modified-epoch": "1220963629", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-3083", "summary": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.", "cvss": "7.2", "published": "2006-08-09T10:04:00", "modified": "2017-10-11T01:31:00", 
"published-epoch": "1155117840", "modified-epoch": "1507685460", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-08-10T12:33:00", "cvss_created-epoch": "1155213180", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-0713", "summary": "The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.", "cvss": "7.2", "published": "1999-06-11T04:00:00", "modified": "2008-09-09T12:35:15", "published-epoch": "929073600", "modified-epoch": "1220963715", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-4343", "summary": "Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.", "cvss": "7.6", "published": "2014-08-14T05:01:49", "modified": "2017-08-29T01:34:57", "published-epoch": "1407992509", "modified-epoch": "1503970497", "cwe": "CWE-415", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-26T19:21:24", "cvss_created-epoch": "1472239284", "cvss2_vector": "AV:N/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0643", "summary": "Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.", "cvss": "4.6", "published": "2004-09-28T04:00:00", "modified": "2017-10-11T01:29:30", "published-epoch": "1096344000", "modified-epoch": "1507685370", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1323", "summary": "Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.", "cvss": "7.5", "published": "2001-05-16T04:00:00", "modified": "2016-10-18T02:14:31", "published-epoch": "989985600", "modified-epoch": "1476756871", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", 
"cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0550", "summary": "Kerberos 4 KDC program improperly frees memory twice (aka \"double-free\"), which allows remote attackers to cause a denial of service.", "cvss": "5.0", "published": "2000-06-09T04:00:00", "modified": "2008-09-10T19:05:01", "published-epoch": "960523200", "modified-epoch": "1221073501", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0036", "summary": "Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.", "cvss": "5.0", "published": "2003-02-19T05:00:00", "modified": "2017-10-10T01:30:04", "published-epoch": "1045630800", "modified-epoch": "1507599004", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0844", "summary": "The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via 
a crafted length value that triggers a buffer over-read.", "cvss": "5.8", "published": "2009-04-09T00:30:00", "modified": "2017-09-29T01:34:04", "published-epoch": "1239237000", "modified-epoch": "1506648844", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-04-09T12:15:00", "cvss_created-epoch": "1239279300", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0139", "summary": "Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and \"ticket splicing.\"", "cvss": "7.5", "published": "2003-03-24T05:00:00", "modified": "2017-10-11T01:29:06", "published-epoch": "1048482000", "modified-epoch": "1507685346", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1689", "summary": "Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.", "cvss": "7.5", "published": "2005-07-18T04:00:00", "modified": "2017-10-11T01:30:09", "published-epoch": "1121659200", "modified-epoch": "1507685409", "cwe": "CWE-119", 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-07-18T13:53:00", "cvss_created-epoch": "1121694780", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1416", "summary": "The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.", "cvss": "4.0", "published": "2013-04-19T11:44:26", "modified": "2013-12-01T04:26:48", "published-epoch": "1366371866", "modified-epoch": "1385872008", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-04-22T12:42:00", "cvss_created-epoch": "1366634520", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-3149", "summary": "sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. 
NOTE: another researcher disputes this vulnerability, stating that the attacker must be \"a user, who can already log into your system, and can already use sudo.\"", "cvss": "7.2", "published": "2007-06-11T18:30:00", "modified": "2008-09-05T21:24:58", "published-epoch": "1181586600", "modified-epoch": "1220649898", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-06-12T12:37:00", "cvss_created-epoch": "1181651820", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-0948", "summary": "Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.", "cvss": "9.3", "published": "2008-03-19T00:44:00", "modified": "2017-09-29T01:30:30", "published-epoch": "1205887440", "modified-epoch": "1506648630", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-03-19T19:10:00", "cvss_created-epoch": "1205953800", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0072", "summary": "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of 
service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka \"array overrun\").", "cvss": "5.0", "published": "2003-04-02T05:00:00", "modified": "2008-09-05T20:33:23", "published-epoch": "1049259600", "modified-epoch": "1220646803", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-2443", "summary": "schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.", "cvss": "5.0", "published": "2013-05-29T14:29:06", "modified": "2016-12-07T02:59:03", "published-epoch": "1369837746", "modified-epoch": "1481079543", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-05-29T17:05:00", "cvss_created-epoch": "1369847100", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-11368", "summary": "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.", "cvss": "4.0", "published": 
"2017-08-09T18:29:01", "modified": "2017-10-20T17:42:18", "published-epoch": "1502303341", "modified-epoch": "1508521338", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-19T18:18:49", "cvss_created-epoch": "1508437129", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1320", "summary": "Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.", "cvss": "4.0", "published": "2010-04-22T14:30:01", "modified": "2010-06-19T05:39:48", "published-epoch": "1271946601", "modified-epoch": "1276925988", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-04-23T17:29:00", "cvss_created-epoch": "1272043740", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0846", "summary": "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.", "cvss": "10.0", 
"published": "2009-04-09T00:30:00", "modified": "2017-09-29T01:34:04", "published-epoch": "1239237000", "modified-epoch": "1506648844", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-04-09T12:23:00", "cvss_created-epoch": "1239279780", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1528", "summary": "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", "cvss": "7.8", "published": "2011-10-20T21:55:00", "modified": "2012-04-20T04:00:00", "published-epoch": "1319147700", "modified-epoch": "1334894400", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-10-21T12:44:00", "cvss_created-epoch": "1319201040", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-6800", "summary": "An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.", "cvss": "4.0", "published": 
"2013-11-18T02:55:10", "modified": "2017-01-07T02:59:14", "published-epoch": "1384743310", "modified-epoch": "1483757954", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-11-18T18:17:45", "cvss_created-epoch": "1384798665", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1013", "summary": "The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.", "cvss": "4.0", "published": "2012-06-07T19:55:07", "modified": "2013-04-02T03:15:47", "published-epoch": "1339098907", "modified-epoch": "1364872547", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-06-08T14:36:00", "cvss_created-epoch": "1339166160", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0138", "summary": "Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.", "cvss": "7.5", "published": "2003-03-24T05:00:00", "modified": "2017-10-11T01:29:06", "published-epoch": "1048482000", "modified-epoch": "1507685346", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": 
"LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0548", "summary": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.", "cvss": "5.0", "published": "2000-06-09T04:00:00", "modified": "2008-09-10T19:05:01", "published-epoch": "960523200", "modified-epoch": "1221073501", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-9422", "summary": "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.", "cvss": "6.1", "published": "2015-02-19T11:59:06", "modified": "2017-01-03T02:59:24", "published-epoch": "1424347146", "modified-epoch": "1483412364", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", 
"cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-24T17:27:55", "cvss_created-epoch": "1448386075", "cvss2_vector": "AV:N/AC:H/Au:S:/C:P/I:P/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-4212", "summary": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.", "cvss": "10.0", "published": "2010-01-13T19:30:00", "modified": "2017-09-19T01:29:56", "published-epoch": "1263411000", "modified-epoch": "1505784596", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-01-14T13:36:00", "cvss_created-epoch": "1263476160", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0390", "summary": "Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.", "cvss": "10.0", "published": "2000-05-16T04:00:00", "modified": "2008-09-10T19:04:34", "published-epoch": "958449600", "modified-epoch": "1221073474", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": 
"0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0284", "summary": "Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.", "cvss": "7.6", "published": "2011-03-20T02:00:03", "modified": "2017-08-17T01:33:26", "published-epoch": "1300586403", "modified-epoch": "1502933606", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-21T16:03:00", "cvss_created-epoch": "1300723380", "cvss2_vector": "AV:N/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0283", "summary": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.", "cvss": "7.8", "published": "2010-02-22T13:00:02", "modified": "2010-06-19T05:38:13", "published-epoch": "1266843602", "modified-epoch": "1276925893", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-02-23T13:16:00", "cvss_created-epoch": "1266930960", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4021", "summary": "The Key Distribution Center (KDC) in MIT Kerberos 5 
(aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a \"KrbFastReq forgery issue.\"", "cvss": "2.1", "published": "2010-12-02T16:22:21", "modified": "2011-05-05T02:36:41", "published-epoch": "1291306941", "modified-epoch": "1304563001", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-12-02T23:42:00", "cvss_created-epoch": "1291333320", "cvss2_vector": "AV:N/AC:H/Au:S:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-11462", "summary": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", "cvss": "7.5", "published": "2017-09-13T16:29:00", "modified": "2017-10-20T17:43:49", "published-epoch": "1505320140", "modified-epoch": "1508521429", "cwe": "CWE-415", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-19T18:22:56", "cvss_created-epoch": "1508437376", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1529", "summary": "The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service 
(NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.", "cvss": "7.8", "published": "2011-10-20T21:55:00", "modified": "2012-01-19T03:56:50", "published-epoch": "1319147700", "modified-epoch": "1326945410", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-10-21T12:47:00", "cvss_created-epoch": "1319201220", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-5972", "summary": "Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.", "cvss": "9.0", "published": "2007-12-06T02:46:00", "modified": "2010-05-27T05:19:15", "published-epoch": "1196909160", "modified-epoch": "1274937555", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-12-06T17:02:00", "cvss_created-epoch": "1196960520", "cvss2_vector": "AV:N/AC:L/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-3295", "summary": "The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) 
via a ticket request.", "cvss": "5.0", "published": "2009-12-29T20:41:19", "modified": "2010-06-29T04:00:00", "published-epoch": "1262119279", "modified-epoch": "1277784000", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-12-30T12:57:00", "cvss_created-epoch": "1262177820", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0028", "summary": "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.", "cvss": "7.5", "published": "2003-03-25T05:00:00", "modified": "2016-10-18T02:28:33", "published-epoch": "1048568400", "modified-epoch": "1476757713", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-3084", "summary": "The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. 
NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.", "cvss": "7.2", "published": "2006-08-09T10:04:00", "modified": "2011-07-25T04:00:00", "published-epoch": "1155117840", "modified-epoch": "1311566400", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-08-10T12:37:00", "cvss_created-epoch": "1155213420", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0628", "summary": "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.", "cvss": "5.0", "published": "2010-03-25T22:30:00", "modified": "2010-03-31T05:41:46", "published-epoch": "1269556200", "modified-epoch": "1270014106", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-26T19:17:00", "cvss_created-epoch": "1269631020", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-2442", "summary": "The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during 
cleanup.", "cvss": "9.3", "published": "2007-06-26T22:30:00", "modified": "2017-10-11T01:32:13", "published-epoch": "1182897000", "modified-epoch": "1507685533", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-06-27T18:09:00", "cvss_created-epoch": "1182967740", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-1235", "summary": "The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.", "cvss": "10.0", "published": "2002-11-04T05:00:00", "modified": "2016-10-18T02:25:04", "published-epoch": "1036386000", "modified-epoch": "1476757504", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1415", "summary": "The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors 
during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.", "cvss": "7.1", "published": "2013-03-05T05:05:57", "modified": "2013-10-11T03:50:16", "published-epoch": "1362459957", "modified-epoch": "1381463416", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-03-05T19:06:00", "cvss_created-epoch": "1362510360", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-4342", "summary": "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.", "cvss": "5.0", "published": "2014-07-20T11:12:50", "modified": "2017-11-13T16:40:57", "published-epoch": "1405854770", "modified-epoch": "1510591257", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-10T23:12:31", "cvss_created-epoch": "1510355551", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0285", "summary": "The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service 
(daemon crash) via a crafted request that triggers an error condition.", "cvss": "10.0", "published": "2011-04-15T00:55:00", "modified": "2013-07-06T06:57:10", "published-epoch": "1302828900", "modified-epoch": "1373093830", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-04-15T13:03:00", "cvss_created-epoch": "1302872580", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-4344", "summary": "The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.", "cvss": "7.8", "published": "2014-08-14T05:01:49", "modified": "2017-08-29T01:34:57", "published-epoch": "1407992509", "modified-epoch": "1503970497", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-26T19:25:14", "cvss_created-epoch": "1472239514", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-1189", "summary": "The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow 
authenticated users to execute arbitrary code via a heap-based buffer overflow.", "cvss": "7.2", "published": "2004-12-31T05:00:00", "modified": "2017-10-11T01:29:43", "published-epoch": "1104469200", "modified-epoch": "1507685383", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-20T14:32:00", "cvss_created-epoch": "1119277920", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0514", "summary": "GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.", "cvss": "10.0", "published": "2000-06-14T04:00:00", "modified": "2017-10-10T01:29:10", "published-epoch": "960955200", "modified-epoch": "1507598950", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-0947", "summary": "Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.", "cvss": "10.0", "published": "2008-03-19T00:44:00", "modified": "2017-09-29T01:30:30", "published-epoch": "1205887440", "modified-epoch": "1506648630", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-03-19T19:00:00", "cvss_created-epoch": "1205953200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-1296", "summary": "Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable.", "cvss": "7.2", "published": "1997-04-29T04:00:00", "modified": "2016-10-18T02:02:49", "published-epoch": "862286400", "modified-epoch": "1476756169", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4020", "summary": "MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.", "cvss": "3.5", "published": "2010-12-02T16:22:21", "modified": "2016-03-31T17:27:55", "published-epoch": "1291306941", "modified-epoch": "1459445275", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": 
"PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-31T13:37:56", "cvss_created-epoch": "1459431476", "cvss2_vector": "AV:N/AC:M/Au:S:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "cvss3_score": "6.3"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4000", "summary": "The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the \"modify policy\" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.", "cvss": "8.5", "published": "2007-09-05T10:17:00", "modified": "2017-09-29T01:29:11", "published-epoch": "1188987420", "modified-epoch": "1506648551", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-09-05T18:15:00", "cvss_created-epoch": "1189016100", "cvss2_vector": "AV:N/AC:M/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-3120", "summary": "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.", "cvss": "4.0", "published": "2016-08-01T02:59:12", "modified": "2018-02-04T02:29:02", "published-epoch": "1470020352", "modified-epoch": "1517711342", "cwe": "CWE-476", "cvss_access_vector": 
"NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-01T17:45:23", "cvss_created-epoch": "1470073523", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1014", "summary": "The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.", "cvss": "9.0", "published": "2012-08-06T16:55:01", "modified": "2012-11-06T05:08:01", "published-epoch": "1344272101", "modified-epoch": "1352178481", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-08-07T14:49:00", "cvss_created-epoch": "1344350940", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-2694", "summary": "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.", "cvss": "5.8", "published": "2015-05-25T19:59:02", "modified": "2016-12-07T18:10:16", "published-epoch": "1432583942", 
"modified-epoch": "1481134216", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-05-27T13:52:06", "cvss_created-epoch": "1432734726", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1322", "summary": "The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.", "cvss": "6.5", "published": "2010-10-07T21:00:01", "modified": "2011-01-14T06:42:53", "published-epoch": "1286485201", "modified-epoch": "1294987373", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-10-08T14:17:00", "cvss_created-epoch": "1286547420", "cvss2_vector": "AV:N/AC:L/Au:S:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0547", "summary": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.", "cvss": "5.0", "published": "2000-06-09T04:00:00", "modified": "2008-09-10T19:05:01", "published-epoch": "960523200", "modified-epoch": "1221073501", 
"cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-0247", "summary": "Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.", "cvss": "10.0", "published": "2001-06-18T04:00:00", "modified": "2017-12-19T02:29:18", "published-epoch": "992836800", "modified-epoch": "1513650558", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0971", "summary": "The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.", "cvss": "2.1", "published": "2005-02-09T05:00:00", "modified": "2017-10-11T01:29:39", "published-epoch": "1107925200", "modified-epoch": "1507685379", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-2798", "summary": "Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.", "cvss": "7.4", "published": "2007-06-26T22:30:00", "modified": "2017-10-11T01:32:24", "published-epoch": "1182897000", "modified-epoch": "1507685544", "cwe": "CWE-119", "cvss_access_vector": "ADJACENT_NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-06-27T18:18:00", "cvss_created-epoch": "1182968280", "cvss2_vector": "AV:A/AC:M/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1015", "summary": "The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.", "cvss": "9.3", "published": "2012-08-06T16:55:01", "modified": "2013-04-05T03:08:52", "published-epoch": "1344272101", "modified-epoch": "1365131332", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", 
"cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-08-07T15:04:00", "cvss_created-epoch": "1344351840", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["crypto", "protocol"], "homepage": "https://web.mit.edu/kerberos/", "upstream-source": "https://kerberos.org/dist/krb5/1.16/krb5-1.16.tar.gz", "latest-version": "1.16", "short_version": "1.12+dfsg-2ubuntu5.1", "latest_cmp": false, "url": "https://kerberos.org/dist/krb5/1.16/krb5-1.16.tar.gz", "codetype": "Native", "coverity_scan": {"name": "kerberos", "language": "C/C++", "id": 327, "homepage_url": "http://web.mit.edu/kerberos/", "details": {"loc": 307410, "defect_density": {"comparison": 0.5, "over_time": [{"2017-11-01": 1.02, "2016-04-01": 1.15, "2017-08-01": 1.03, "2017-07-01": 1.17, "2017-03-01": 1.17, "2018-02-01": 1.02, "2017-05-01": 1.11, "2017-04-01": 1.12, "2016-06-01": 1.16, "2017-06-01": 1.1, "2017-01-01": 1.17, "2016-11-01": 1.17, "2016-03-01": 1.15, "2016-07-01": 1.16, "2016-08-01": 1.16, "2016-05-01": 1.16, "2018-01-01": 1.02, "2017-02-01": 1.17, "2017-10-01": 1.02, "2016-09-01": 1.17, "2016-12-01": 1.17, "2018-03-01": 1.01, "2017-12-01": 1.02, "2017-09-01": 1.02, "2016-10-01": 1.17}], "score": 1.01, "verdict": "high", "loc_range": "100,000 to 499,999"}, "build_date": "2018-03-22", "project_url": "https://scan.coverity.com/projects/kerberos", "version": "master", "cwe": [{"name": "Integer Overflow or Wraparound", "defect_count": 3, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}, {"name": "Use of Potentially Dangerous Function", "defect_count": 1, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": "https://github.com/krb5/krb5", "slug": "kerberos", "mapped-name": "kerberos"}}, {"extended-objects": [{"confidence": 0.9883720930232558, "sha1": "7ed11bba8ef27b8fe8617f5446142a3a0613cc41", "name": "kmod", "timestamp": 1397138879, 
"binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/kmod"], "type": "native"}, {"confidence": 0.9941860465116279, "sha1": "bd39f4b9f82d4ac15cf61ab352fb03bedb67373c", "name": "libkmod.so.2.2.5", "timestamp": 1397138880, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libkmod.so.2.2.5"], "type": "native"}], "objects": ["kmod", "libkmod.so.2.2.5"], "version": "15-0ubuntu6", "lib": "kmod", "distro_version": "15-0ubuntu6", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["system"], "short_version": "15-0ubuntu6", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "kmod", "language": "C/C++", "id": 2096, "homepage_url": "https://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/", "details": {"loc": 38853, "defect_density": {"comparison": 0.35, "over_time": [{"2017-02-01": 0.05, "2016-07-01": 0.21, "2017-06-01": 0.05, "2016-08-01": 0.16}], "score": 0.05, "verdict": "low", "loc_range": "less than 100,000"}, "build_date": "2017-06-02", "project_url": "https://scan.coverity.com/projects/kmod", "version": "v24-11-gdf492f5", "cwe": [{"name": "Integer Overflow or Wraparound", "defect_count": 1, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}]}, "repo_url": "git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git", "slug": "kmod", "mapped-name": "kmod"}}, {"extended-objects": [{"confidence": 0.9488817891373802, "sha1": "c0ddf750a49a96e69173c772747ffd4467fa5d89", "name": "less", "timestamp": 1370855898, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", 
"cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/less"], "type": "native"}], "objects": ["less"], "version": "458-2", "lib": "less", "distro_version": "458-2", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:less:458-2"], "latest_version": "530", "vuln-count": {"total": 2, "exact": 0, "historical": 2}, "vulns": [{"vuln": {"cve": "CVE-2014-9488", "summary": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.", "cvss": "10.0", "published": "2015-04-14T18:59:02", "modified": "2016-12-31T02:59:15", "published-epoch": "1429037942", "modified-epoch": "1483153155", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-04-15T20:44:18", "cvss_created-epoch": "1429130658", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2004-2264", "summary": "** DISPUTED ** Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. 
NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed.", "cvss": "6.4", "published": "2004-12-31T05:00:00", "modified": "2017-07-11T01:31:45", "published-epoch": "1104469200", "modified-epoch": "1499736705", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-07-25T13:57:00", "cvss_created-epoch": "1122299820", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["utility"], "homepage": "http://www.greenwoodsoftware.com/less/index.html", "upstream-source": "https://ftp.gnu.org/gnu/less/less-530.tar.gz", "latest-version": "530", "short_version": "458-2", "latest_cmp": false, "url": "https://ftp.gnu.org/gnu/less/less-530.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "6c66a0ceb12eb21779bc833fa48017a73c691783", "name": "libcap.so.2.24", "timestamp": 1393010429, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libcap.so.2.24"], "type": "native"}], "objects": ["libcap.so.2.24"], "version": "2.24-0ubuntu2", "lib": "libcap", "distro_version": "2.24-0ubuntu2", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2011-4099", "summary": "The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.", "cvss": "4.6", "published": "2014-02-08T00:55:05", 
"modified": "2014-02-10T15:09:31", "published-epoch": "1391820905", "modified-epoch": "1392044971", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-02-10T15:09:31", "cvss_created-epoch": "1392044971", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["system"], "homepage": "http://www.tcpdump.org/", "short_version": "2.24-0ubuntu2", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9862068965517241, "sha1": "e40ad966f5f065c74b19196fc98a4fd266b0d851", "name": "libedit.so.2.0.47", "timestamp": 1382363479, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libedit.so.2.0.47"], "type": "native"}], "objects": ["libedit.so.2.0.47"], "version": "3.1-20130712-2", "lib": "libedit", "distro_version": "3.1-20130712-2", "distro": "ubuntu", "latest_version": "20170329-3.1", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["system", "ui"], "homepage": "https://thrysoee.dk/editline/", "upstream-source": "https://thrysoee.dk/editline/libedit-20170329-3.1.tar.gz", "latest-version": "20170329-3.1", "short_version": "3.1-20130712-2", "latest_cmp": false, "url": "https://thrysoee.dk/editline/libedit-20170329-3.1.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9285714285714286, "sha1": "9afb3ce7abdc9d47a276c0bd853a21b5b6d87a18", "name": "libffi.so.6.0.1", "timestamp": 1396000209, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", 
"cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libffi.so.6.0.1"], "type": "native"}], "objects": ["libffi.so.6.0.1", "_ctypes.cpython-34m-x86_64-linux-gnu.so"], "version": "3.1~rc1+r3.0.13-12", "lib": "libffi", "distro_version": "3.1~rc1+r3.0.13-12", "distro": "ubuntu", "latest_version": "3.2.1", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["utility"], "homepage": "https://sourceware.org/libffi/", "upstream-source": "https://sourceware.org/pub/libffi/libffi-3.2.1.tar.gz", "latest-version": "3.2.1", "short_version": "3.1~rc1+r3.0.13-12", "latest_cmp": false, "url": "https://sourceware.org/pub/libffi/libffi-3.2.1.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.42857142857142855, "sha1": "e0e9a2f7ca3c34fb1eeca5f023b66bc6069afbd0", "name": "_ctypes.cpython-34m-x86_64-linux-gnu.so", "timestamp": 1397225715, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/python3.4/lib-dynload/_ctypes.cpython-34m-x86_64-linux-gnu.so"], "type": "native"}], "objects": ["libffi.so.6.0.1", "_ctypes.cpython-34m-x86_64-linux-gnu.so"], "version": null, "lib": "libffi", "distro_version": null, "distro": "ubuntu", "latest_version": "3.2.1", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["utility"], "homepage": "https://sourceware.org/libffi/", "upstream-source": "https://sourceware.org/pub/libffi/libffi-3.2.1.tar.gz", "latest-version": "3.2.1", "short_version": "", "latest_cmp": null, "url": "https://sourceware.org/pub/libffi/libffi-3.2.1.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9851576994434137, "sha1": "9b0a203e09a05ed15ff3e6306c3d89a11d843f99", "name": "libgcrypt.so.11.8.2", "timestamp": 1427374455, "binary-type": "elf-shared-x86_64", 
"matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libgcrypt.so.11.8.2"], "type": "native"}], "objects": ["libgcrypt.so.11.8.2"], "version": "1.5.3-2ubuntu4.2", "lib": "libgcrypt", "distro_version": "1.5.3-2ubuntu4.2", "distro": "ubuntu", "cpe": ["cpe:/a:gnupg:libgcrypt:1.5.3-2ubuntu4.2"], "latest_version": "1.8.2", "vuln-count": {"total": 7, "exact": 5, "historical": 2}, "vulns": [{"vuln": {"cve": "CVE-2014-5270", "summary": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.", "cvss": "2.1", "published": "2014-10-10T01:55:10", "modified": "2017-11-04T01:29:01", "published-epoch": "1412906110", "modified-epoch": "1509758941", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-07T14:52:58", "cvss_created-epoch": "1473259978", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-7511", "summary": "Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.", "cvss": "1.9", "published": "2016-04-19T21:59:03", "modified": "2017-07-01T01:29:20", 
"published-epoch": "1461103143", "modified-epoch": "1498872560", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-21T16:27:35", "cvss_created-epoch": "1461256055", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3_score": "2.0"}, "exact": true, "triage": [{"id": 294, "vuln_id": "CVE-2015-7511", "component": "libgcrypt", "vendor": null, "codetype": "NA", "version": "1.5.3-2ubuntu4.2", "modified": "2018-03-22T23:20:43.095386", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-6313", "summary": "The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.", "cvss": "5.0", "published": "2016-12-13T20:59:04", "modified": "2018-01-05T02:31:06", "published-epoch": "1481662744", "modified-epoch": "1515119466", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-16T19:41:21", "cvss_created-epoch": "1481917281", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3_score": "5.3"}, "exact": true, "triage": [{"id": 289, "vuln_id": "CVE-2016-6313", "component": "libgcrypt", "vendor": null, "codetype": "NA", "version": 
"1.5.3-2ubuntu4.2", "modified": "2018-03-22T23:20:43.046637", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-0379", "summary": "Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.", "cvss": "5.0", "published": "2017-08-29T22:29:00", "modified": "2017-09-06T02:12:42", "published-epoch": "1504045740", "modified-epoch": "1504663962", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-05T18:11:48", "cvss_created-epoch": "1504635108", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 286, "vuln_id": "CVE-2017-0379", "component": "libgcrypt", "vendor": null, "codetype": "NA", "version": "1.5.3-2ubuntu4.2", "modified": "2018-03-22T23:20:43.027397", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-9526", "summary": "In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 
1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.", "cvss": "4.3", "published": "2017-06-11T02:29:00", "modified": "2017-11-04T01:29:57", "published-epoch": "1497148140", "modified-epoch": "1509758997", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-06-22T15:08:35", "cvss_created-epoch": "1498144115", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 291, "vuln_id": "CVE-2017-9526", "component": "libgcrypt", "vendor": null, "codetype": "NA", "version": "1.5.3-2ubuntu4.2", "modified": "2018-03-22T23:20:43.068029", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-6829", "summary": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": "5.0", "published": "2018-02-07T23:29:00", "modified": "2018-03-13T17:02:00", "published-epoch": "1518046140", "modified-epoch": "1520960520", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-07T23:29:00", "cvss_created-epoch": "1518046140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 283, "vuln_id": "CVE-2018-6829", "component": "libgcrypt", "vendor": null, "codetype": "NA", "version": "1.5.3-2ubuntu4.2", "modified": "2018-03-22T23:20:43.006658", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2013-4242", "summary": "GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.", "cvss": "1.9", "published": "2013-08-19T23:55:09", "modified": "2016-12-08T03:03:31", "published-epoch": "1376956509", "modified-epoch": "1481166211", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-23T14:23:39", "cvss_created-epoch": "1382538219", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["crypto"], "homepage": 
"https://directory.fsf.org/wiki/Libgcrypt", "upstream-source": "https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.2.tar.bz2", "latest-version": "1.8.2", "short_version": "1.5.3-2ubuntu4.2", "latest_cmp": false, "url": "https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.2.tar.bz2", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "0f677fd9662a6f3d234a7faf417be41124361a1b", "name": "libidn.so.11.6.11", "timestamp": 1386232191, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libidn.so.11.6.11"], "type": "native"}], "objects": ["libidn.so.11.6.11"], "version": "1.28-1ubuntu2", "lib": "libidn", "distro_version": "1.28-1ubuntu2", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:libidn:1.28-1ubuntu2"], "latest_version": "1.33", "vuln-count": {"total": 5, "exact": 0, "historical": 5}, "vulns": [{"vuln": {"cve": "CVE-2015-2059", "summary": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.", "cvss": "7.5", "published": "2015-08-12T14:59:09", "modified": "2016-12-01T02:59:22", "published-epoch": "1439391549", "modified-epoch": "1480561162", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-08T13:59:09", "cvss_created-epoch": "1473343149", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported 
the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8948", "summary": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.", "cvss": "5.0", "published": "2016-09-07T20:59:00", "modified": "2016-11-28T19:50:43", "published-epoch": "1473281940", "modified-epoch": "1480362643", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-08T14:06:32", "cvss_created-epoch": "1473343592", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "7.5"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-6261", "summary": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", "cvss": "5.0", "published": "2016-09-07T20:59:04", "modified": "2016-11-28T20:31:10", "published-epoch": "1473281944", "modified-epoch": "1480365070", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-08T14:13:44", "cvss_created-epoch": "1473344024", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": 
"Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-6262", "summary": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.", "cvss": "5.0", "published": "2016-09-07T20:59:05", "modified": "2016-09-08T14:42:40", "published-epoch": "1473281945", "modified-epoch": "1473345760", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-08T14:17:11", "cvss_created-epoch": "1473344231", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "7.5"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-6263", "summary": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.", "cvss": "5.0", "published": "2016-09-07T20:59:06", "modified": "2016-11-28T20:31:11", "published-epoch": "1473281946", "modified-epoch": "1480365071", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-08T14:19:36", "cvss_created-epoch": "1473344376", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": 
"7.5"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}], "tags": ["client", "dns", "protocol"], "homepage": "https://www.gnu.org/software/libidn/", "upstream-source": "https://ftp.gnu.org/gnu/libidn/libidn-1.33.tar.gz", "latest-version": "1.33", "short_version": "1.28-1ubuntu2", "latest_cmp": false, "url": "https://ftp.gnu.org/gnu/libidn/libidn-1.33.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.5, "sha1": "1eef171e5f317b7f89e8f588314f09c6ebcbfe88", "name": "liblockfile.so.1.0", "timestamp": 1386385700, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/liblockfile.so.1.0"], "type": "native"}], "objects": ["liblockfile.so.1.0"], "version": "1.09-6ubuntu1", "lib": "liblockfile", "distro_version": "1.09-6ubuntu1", "distro": "ubuntu", "latest_version": "1.14", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["system"], "homepage": "https://tracker.debian.org/pkg/liblockfile", "upstream-source": "https://mirrors.ocf.berkeley.edu/debian/pool/main/libl/liblockfile/liblockfile_1.14.orig.tar.gz", "latest-version": "1.14", "short_version": "1.09-6ubuntu1", "latest_cmp": false, "url": "https://mirrors.ocf.berkeley.edu/debian/pool/main/libl/liblockfile/liblockfile_1.14.orig.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "26837b475d0fb26d4256ce1744f52b264d67b58f", "name": "libnih.so.1.0.0", "timestamp": 1392326128, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libnih.so.1.0.0"], "type": "native"}], "objects": 
["libnih.so.1.0.0", "init"], "version": "1.0.3-4ubuntu25", "lib": "libnih", "distro_version": "1.0.3-4ubuntu25", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["utility"], "homepage": "https://github.com/keybuk/libnih", "short_version": "1.0.3-4ubuntu25", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "libnih", "language": "C/C++", "id": 266, "homepage_url": null, "details": {"loc": 40225, "defect_density": {"comparison": 0.35, "over_time": [null], "score": 0.27, "verdict": "low", "loc_range": "less than 100,000"}, "build_date": "2014-04-10", "project_url": "https://scan.coverity.com/projects/libnih", "version": "dmitrijs.ledkovs@canonical.com-20140213214948-xvfzi4aol9dreo9i", "cwe": []}, "repo_url": null, "slug": "libnih", "mapped-name": "libnih"}}, {"extended-objects": [{"confidence": 0.3034188034188034, "sha1": "f8318fbf9490e34035d35494f99842cb1f57192e", "name": "init", "timestamp": 1405676811, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/init"], "type": "native"}], "objects": ["libnih.so.1.0.0", "init"], "version": null, "lib": "libnih", "distro_version": null, "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["utility"], "homepage": "https://github.com/keybuk/libnih", "short_version": "", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "libnih", "language": "C/C++", "id": 266, "homepage_url": null, "details": {"loc": 40225, "defect_density": {"comparison": 0.35, "over_time": [null], "score": 0.27, "verdict": "low", "loc_range": "less than 100,000"}, "build_date": "2014-04-10", "project_url": "https://scan.coverity.com/projects/libnih", "version": "dmitrijs.ledkovs@canonical.com-20140213214948-xvfzi4aol9dreo9i", 
"cwe": []}, "repo_url": null, "slug": "libnih", "mapped-name": "libnih"}}, {"extended-objects": [{"confidence": 0.9646643109540636, "sha1": "74b49b6f935807cade50cb5545a93c3fcc18630e", "name": "libpng12.so.0.50.0", "timestamp": 1396306507, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libpng12.so.0.50.0"], "type": "native"}], "objects": ["libpng12.so.0.50.0"], "version": "1.2.50-1ubuntu2", "lib": "libpng", "distro_version": "1.2.50-1ubuntu2", "distro": "ubuntu", "cpe": ["cpe:/a:libpng:libpng:1.2.50-1ubuntu2"], "latest_version": "1.6.34", "vuln-count": {"total": 48, "exact": 3, "historical": 45}, "vulns": [{"vuln": {"cve": "CVE-2015-7981", "summary": "The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.", "cvss": "5.0", "published": "2015-11-24T20:59:15", "modified": "2017-07-01T01:29:24", "published-epoch": "1448398755", "modified-epoch": "1498872564", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-09T16:57:04", "cvss_created-epoch": "1465491424", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8472", "summary": "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 
1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.", "cvss": "7.5", "published": "2016-01-21T15:59:00", "modified": "2017-11-04T01:29:12", "published-epoch": "1453391940", "modified-epoch": "1509758952", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-24T16:54:09", "cvss_created-epoch": "1466787249", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3_score": "7.3"}, "exact": true, "triage": [{"id": 313, "vuln_id": "CVE-2015-8472", "component": "libpng", "vendor": null, "codetype": "NA", "version": "1.2.50-1ubuntu2", "modified": "2018-03-22T23:20:43.289479", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8540", "summary": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.", "cvss": "9.3", "published": "2016-04-14T14:59:03", "modified": "2017-11-04T01:29:12", "published-epoch": "1460645943", "modified-epoch": "1509758952", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-18T18:53:38", "cvss_created-epoch": "1461005618", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": true, "triage": [{"id": 311, "vuln_id": "CVE-2015-8540", "component": "libpng", "vendor": null, "codetype": "NA", "version": "1.2.50-1ubuntu2", "modified": "2018-03-22T23:20:43.267097", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-10087", "summary": "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.", "cvss": "5.0", "published": "2017-01-30T22:59:00", "modified": "2017-07-01T01:29:31", "published-epoch": "1485817140", "modified-epoch": "1498872571", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-28T14:49:07", "cvss_created-epoch": "1488293347", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 315, "vuln_id": "CVE-2016-10087", "component": "libpng", "vendor": null, "codetype": "NA", "version": "1.2.50-1ubuntu2", "modified": "2018-03-22T23:20:43.312261", "scope": 
"FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2002-0728", "summary": "Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.", "cvss": "5.0", "published": "2002-08-12T04:00:00", "modified": "2008-09-05T20:28:47", "published-epoch": "1029124800", "modified-epoch": "1220646527", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0598", "summary": "The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.", "cvss": "5.0", "published": "2004-11-23T05:00:00", "modified": "2017-10-11T01:29:29", "published-epoch": "1101186000", "modified-epoch": "1507685369", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1205", "summary": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x 
before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.", "cvss": "7.5", "published": "2010-06-30T18:30:01", "modified": "2017-09-19T01:30:36", "published-epoch": "1277922601", "modified-epoch": "1505784636", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-07-01T14:09:00", "cvss_created-epoch": "1277993340", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-5266", "summary": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.", "cvss": "4.3", "published": "2007-10-08T21:17:00", "modified": "2011-03-08T03:00:24", "published-epoch": "1191878220", "modified-epoch": "1299553224", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-10-09T10:42:00", "cvss_created-epoch": "1191926520", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-3425", "summary": "The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in 
a PNG image.", "cvss": "4.3", "published": "2012-08-13T20:55:09", "modified": "2016-08-26T18:10:14", "published-epoch": "1344891309", "modified-epoch": "1472235014", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-26T17:52:43", "cvss_created-epoch": "1472233963", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0205", "summary": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack.", "cvss": "7.8", "published": "2010-03-03T19:30:00", "modified": "2017-08-17T01:31:55", "published-epoch": "1267644600", "modified-epoch": "1502933515", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-04T13:46:00", "cvss_created-epoch": "1267710360", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-9495", "summary": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow 
context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.", "cvss": "10.0", "published": "2015-01-10T19:59:00", "modified": "2016-10-18T03:45:18", "published-epoch": "1420919940", "modified-epoch": "1476762318", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-29T14:04:51", "cvss_created-epoch": "1459260291", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-8126", "summary": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.", "cvss": "7.5", "published": "2015-11-13T03:59:05", "modified": "2017-07-01T01:29:24", "published-epoch": "1447387145", "modified-epoch": "1498872564", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-24T16:54:10", "cvss_created-epoch": "1466787250", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-0333", "summary": "The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU 
consumption) via an IDAT chunk with a length of zero.", "cvss": "5.0", "published": "2014-02-27T20:55:04", "modified": "2014-03-26T04:56:09", "published-epoch": "1393534504", "modified-epoch": "1395809769", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-02-28T15:45:31", "cvss_created-epoch": "1393602331", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-5063", "summary": "Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.", "cvss": "5.0", "published": "2011-08-31T23:55:01", "modified": "2012-07-24T03:12:12", "published-epoch": "1314834901", "modified-epoch": "1343099532", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-09-01T12:32:00", "cvss_created-epoch": "1314880320", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-3751", "summary": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.", "cvss": 
"7.5", "published": "2016-07-11T01:59:51", "modified": "2016-07-11T17:52:53", "published-epoch": "1468202391", "modified-epoch": "1468259573", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-11T15:17:37", "cvss_created-epoch": "1468250257", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": false}, {"vuln": {"cve": "CVE-2006-7244", "summary": "Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.", "cvss": "5.0", "published": "2011-08-31T23:55:00", "modified": "2012-06-15T04:00:00", "published-epoch": "1314834900", "modified-epoch": "1339732800", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-09-01T12:23:00", "cvss_created-epoch": "1314879780", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0421", "summary": "The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.", "cvss": "5.0", "published": "2004-08-18T04:00:00", "modified": "2017-10-11T01:29:25", "published-epoch": "1092801600", "modified-epoch": "1507685365", "cwe": null, 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2690", "summary": "Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.", "cvss": "6.8", "published": "2011-07-17T20:55:01", "modified": "2017-08-29T01:29:30", "published-epoch": "1310936101", "modified-epoch": "1503970170", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-07-18T13:17:00", "cvss_created-epoch": "1310995020", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-3048", "summary": "The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.", "cvss": "6.8", "published": "2012-05-29T20:55:04", "modified": "2017-12-29T02:29:01", "published-epoch": "1338324904", 
"modified-epoch": "1514514541", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-05-30T14:01:00", "cvss_created-epoch": "1338386460", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-3964", "summary": "Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.", "cvss": "4.3", "published": "2008-09-11T01:13:47", "modified": "2017-08-08T01:32:18", "published-epoch": "1221095627", "modified-epoch": "1502155938", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-09-11T22:38:00", "cvss_created-epoch": "1221172680", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-3026", "summary": "Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.", "cvss": "7.5", "published": "2012-02-16T20:55:04", "modified": "2018-01-10T02:29:08", "published-epoch": "1329425704", "modified-epoch": "1515551348", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": 
"NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-21T16:53:12", "cvss_created-epoch": "1477068792", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0040", "summary": "The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.", "cvss": "6.8", "published": "2009-02-22T22:30:00", "modified": "2017-09-29T01:33:35", "published-epoch": "1235341800", "modified-epoch": "1506648815", "cwe": "CWE-94", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-02-23T21:03:00", "cvss_created-epoch": "1235422980", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-1363", "summary": "Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.", "cvss": "7.5", "published": "2002-12-26T05:00:00", "modified": "2017-10-10T01:30:11", "published-epoch": "1040878800", "modified-epoch": "1507599011", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-7353", "summary": "Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.", "cvss": "5.0", "published": "2014-05-06T14:55:05", "modified": "2016-12-31T02:59:10", "published-epoch": "1399388105", "modified-epoch": "1483153150", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-05-06T18:58:00", "cvss_created-epoch": "1399402680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2691", "summary": "The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.", "cvss": "5.0", "published": "2011-07-17T20:55:01", "modified": "2017-08-29T01:29:31", "published-epoch": "1310936101", "modified-epoch": "1503970171", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-07-18T13:25:00", "cvss_created-epoch": "1310995500", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-2042", "summary": "libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via \"out-of-bounds pixels\" in the file.", "cvss": "4.3", "published": "2009-06-12T20:30:00", "modified": "2017-08-17T01:30:38", "published-epoch": "1244838600", "modified-epoch": "1502933438", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-06-15T15:14:00", "cvss_created-epoch": "1245078840", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-0973", "summary": "Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.", "cvss": "7.5", "published": "2015-01-18T18:59:03", "modified": "2016-10-20T18:46:05", "published-epoch": "1421607543", "modified-epoch": "1476989165", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-20T16:40:19", "cvss_created-epoch": "1476981619", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-7354", "summary": "Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.", "cvss": "5.0", "published": "2014-05-06T14:55:05", "modified": "2016-12-31T02:59:10", "published-epoch": "1399388105", "modified-epoch": "1483153150", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-05-06T19:03:46", "cvss_created-epoch": "1399403026", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2692", "summary": "The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.", "cvss": "4.3", "published": "2011-07-17T20:55:01", "modified": "2017-08-29T01:29:31", "published-epoch": "1310936101", "modified-epoch": "1503970171", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-07-18T13:33:00", "cvss_created-epoch": "1310995980", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": 
"0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-0481", "summary": "Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.", "cvss": "5.0", "published": "2006-01-31T18:03:00", "modified": "2017-10-11T01:30:37", "published-epoch": "1138730580", "modified-epoch": "1507685437", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-01-31T18:20:00", "cvss_created-epoch": "1138731600", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0408", "summary": "pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. 
NOTE: some of these details are obtained from third party information.", "cvss": "6.8", "published": "2011-01-18T18:03:08", "modified": "2017-08-17T01:33:29", "published-epoch": "1295373788", "modified-epoch": "1502933609", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-19T15:30:00", "cvss_created-epoch": "1295451000", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0597", "summary": "Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.", "cvss": "10.0", "published": "2004-11-23T05:00:00", "modified": "2017-07-11T01:30:17", "published-epoch": "1101186000", "modified-epoch": "1499736617", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-3328", "summary": "The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM 
chunk associated with a certain zero value.", "cvss": "2.6", "published": "2012-01-17T19:55:00", "modified": "2012-09-22T03:25:25", "published-epoch": "1326830100", "modified-epoch": "1348284325", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-17T21:21:00", "cvss_created-epoch": "1326835260", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1382", "summary": "libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length \"unknown\" chunks, which trigger an access of uninitialized memory.", "cvss": "7.5", "published": "2008-04-14T16:05:00", "modified": "2017-09-29T01:30:40", "published-epoch": "1208189100", "modified-epoch": "1506648640", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-04-14T17:26:00", "cvss_created-epoch": "1208193960", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-5793", "summary": "The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.", "cvss": "2.6", "published": "2006-11-17T23:07:00", "modified": 
"2017-10-11T01:31:22", "published-epoch": "1163804820", "modified-epoch": "1507685482", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-11-20T16:43:00", "cvss_created-epoch": "1164040980", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0660", "summary": "Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.", "cvss": "7.5", "published": "2002-08-12T04:00:00", "modified": "2016-12-08T02:59:18", "published-epoch": "1029124800", "modified-epoch": "1481165958", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-5268", "summary": "pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.", "cvss": "4.3", "published": "2007-10-08T21:17:00", "modified": "2015-11-10T16:40:18", "published-epoch": "1191878220", "modified-epoch": "1447173618", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-10T15:55:36", "cvss_created-epoch": "1447170936", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-2445", "summary": "The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.", "cvss": "5.0", "published": "2007-05-16T22:30:00", "modified": "2017-10-11T01:32:13", "published-epoch": "1179354600", "modified-epoch": "1507685533", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-10T16:01:27", "cvss_created-epoch": "1447171287", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-3334", "summary": "Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to \"chunk error processing,\" possibly involving the \"chunk_name\".", "cvss": "7.5", "published": "2006-06-30T23:05:00", "modified": "2017-07-20T01:32:14", "published-epoch": "1151708700", "modified-epoch": "1500514334", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-07-03T17:10:00", 
"cvss_created-epoch": "1151946600", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-5907", "summary": "The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.", "cvss": "5.0", "published": "2009-01-15T17:30:00", "modified": "2017-08-08T01:33:36", "published-epoch": "1232040600", "modified-epoch": "1502156016", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-01-15T20:31:00", "cvss_created-epoch": "1232051460", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-3464", "summary": "Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.", "cvss": "7.5", "published": "2012-07-22T17:55:01", "modified": "2012-07-23T04:00:00", "published-epoch": "1342979701", "modified-epoch": "1343016000", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-07-23T18:04:00", 
"cvss_created-epoch": "1343066640", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0599", "summary": "Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.", "cvss": "5.0", "published": "2004-11-23T05:00:00", "modified": "2017-10-11T01:29:29", "published-epoch": "1101186000", "modified-epoch": "1507685369", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-6954", "summary": "The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.", "cvss": "5.0", "published": "2014-01-12T18:34:55", "modified": "2018-01-05T02:29:45", "published-epoch": "1389551695", "modified-epoch": "1515119385", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-01-13T17:59:02", "cvss_created-epoch": "1389635942", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": 
"CVE-2008-6218", "summary": "Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.", "cvss": "7.1", "published": "2009-02-20T17:30:03", "modified": "2017-08-17T01:29:08", "published-epoch": "1235151003", "modified-epoch": "1502933348", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-02-23T13:05:00", "cvss_created-epoch": "1235394300", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-5267", "summary": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.", "cvss": "4.3", "published": "2007-10-08T21:17:00", "modified": "2011-03-08T03:00:24", "published-epoch": "1191878220", "modified-epoch": "1299553224", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-10-09T11:04:00", "cvss_created-epoch": "1191927840", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-5269", "summary": "Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt 
(png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.", "cvss": "5.0", "published": "2007-10-08T21:17:00", "modified": "2017-09-29T01:29:32", "published-epoch": "1191878220", "modified-epoch": "1506648572", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-10-09T13:31:00", "cvss_created-epoch": "1191936660", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2501", "summary": "The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. 
NOTE: this is called an off-by-one error by some sources.", "cvss": "4.3", "published": "2011-07-17T20:55:01", "modified": "2017-08-29T01:29:25", "published-epoch": "1310936101", "modified-epoch": "1503970165", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-07-18T12:43:00", "cvss_created-epoch": "1310992980", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-2249", "summary": "Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.", "cvss": "5.0", "published": "2010-06-30T18:30:01", "modified": "2017-08-17T01:32:40", "published-epoch": "1277922601", "modified-epoch": "1502933560", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-07-01T19:24:00", "cvss_created-epoch": "1278012240", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["image"], "homepage": "http://www.libpng.org/pub/png/libpng.html", "upstream-source": "https://downloads.sourceforge.net/libpng/libpng-1.6.34.tar.xz", "latest-version": "1.6.34", "short_version": "1.2.50-1ubuntu2", "latest_cmp": false, "url": "https://downloads.sourceforge.net/libpng/libpng-1.6.34.tar.xz", "codetype": "Native", "coverity_scan": {"name": "libpng", "language": "C/C++", "id": 4061, "homepage_url": "libpng.sourceforge.net", 
"details": {"loc": 1061927, "defect_density": {"comparison": 0.65, "over_time": [{"2016-07-01": 0.0, "2016-12-01": 0.0, "2016-08-01": 0.0, "2017-04-01": 0.0, "2016-05-01": 0.0, "2016-06-01": 0.01, "2017-06-01": 0.0, "2016-04-01": 0.0, "2017-08-01": 0.0, "2017-10-01": 0.0, "2017-07-01": 0.0, "2017-03-01": 0.0, "2017-09-01": 0.0, "2016-09-01": 0.0, "2016-10-01": 0.0}], "score": 0.0, "verdict": "low", "loc_range": "more than 1 million"}, "build_date": "2017-10-01", "project_url": "https://scan.coverity.com/projects/libpng", "version": "1.6.35beta01", "cwe": []}, "repo_url": "https://github.com/glennrp/libpng.git", "slug": "libpng", "mapped-name": "libpng"}}, {"extended-objects": [{"confidence": 0.9183673469387755, "sha1": "b587e0f5cbf519bf559cad89bce8c391495ea2b8", "name": "libtasn1.so.6.2.0", "timestamp": 1427990160, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libtasn1.so.6.2.0"], "type": "native"}], "objects": ["libtasn1.so.6.2.0"], "version": "3.4-3ubuntu0.2", "lib": "libtasn1", "distro_version": "3.4-3ubuntu0.2", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:libtasn1:3.4-3ubuntu0.2"], "latest_version": "4.13", "vuln-count": {"total": 12, "exact": 4, "historical": 8}, "vulns": [{"vuln": {"cve": "CVE-2014-3467", "summary": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.", "cvss": "4.3", "published": "2014-06-05T20:55:06", "modified": "2017-12-29T02:29:21", "published-epoch": "1402001706", "modified-epoch": "1514514561", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2014-06-06T16:39:27", "cvss_created-epoch": "1402072767", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3468", "summary": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.", "cvss": "6.8", "published": "2014-06-05T20:55:06", "modified": "2017-12-29T02:29:22", "published-epoch": "1402001706", "modified-epoch": "1514514562", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-06-06T16:43:58", "cvss_created-epoch": "1402073038", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3469", "summary": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.", "cvss": "4.3", "published": "2014-06-05T20:55:06", "modified": "2017-12-29T02:29:22", "published-epoch": "1402001706", "modified-epoch": "1514514562", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", 
"cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-06-06T17:00:55", "cvss_created-epoch": "1402074055", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-2806", "summary": "Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.", "cvss": "10.0", "published": "2015-04-10T15:00:05", "modified": "2018-01-05T02:30:04", "published-epoch": "1428678005", "modified-epoch": "1515119404", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-25T14:48:18", "cvss_created-epoch": "1472136498", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-3622", "summary": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.", "cvss": "4.3", "published": "2015-05-12T19:59:24", "modified": "2018-01-05T02:30:06", "published-epoch": "1431460764", "modified-epoch": "1515119406", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", 
"cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-03T18:00:26", "cvss_created-epoch": "1483466426", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true}, {"vuln": {"cve": "CVE-2016-4008", "summary": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.", "cvss": "4.3", "published": "2016-05-05T18:59:10", "modified": "2017-07-01T01:29:44", "published-epoch": "1462474750", "modified-epoch": "1498872584", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-18T01:03:53", "cvss_created-epoch": "1466211833", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, "exact": true}, {"vuln": {"cve": "CVE-2017-10790", "summary": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. 
It may lead to a remote denial of service attack.", "cvss": "5.0", "published": "2017-07-02T03:29:00", "modified": "2018-03-16T01:29:00", "published-epoch": "1498966140", "modified-epoch": "1521163740", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-02T03:29:00", "cvss_created-epoch": "1498966140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true}, {"vuln": {"cve": "CVE-2018-6003", "summary": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.", "cvss": "5.0", "published": "2018-01-22T20:29:00", "modified": "2018-02-09T18:08:40", "published-epoch": "1516652940", "modified-epoch": "1518199720", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-08T18:43:17", "cvss_created-epoch": "1518115397", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true}, {"vuln": {"cve": "CVE-2012-1569", "summary": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.", "cvss": "5.0", "published": 
"2012-03-26T19:55:01", "modified": "2018-01-18T02:29:13", "published-epoch": "1332791701", "modified-epoch": "1516242553", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-03-27T16:28:00", "cvss_created-epoch": "1332865680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0401", "summary": "Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, related to the DER parsing functions.", "cvss": "10.0", "published": "2004-07-07T04:00:00", "modified": "2017-07-11T01:30:08", "published-epoch": "1089172800", "modified-epoch": "1499736608", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-0645", "summary": "Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via \"out-of-bounds access\" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.", "cvss": "7.5", "published": "2006-02-10T18:06:00", "modified": "2017-10-11T01:30:38", "published-epoch": "1139594760", "modified-epoch": "1507685438", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", 
"cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-02-12T21:00:00", "cvss_created-epoch": "1139778000", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-6891", "summary": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.", "cvss": "6.8", "published": "2017-05-22T19:29:00", "modified": "2017-11-04T01:29:49", "published-epoch": "1495481340", "modified-epoch": "1509758989", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-06-02T01:36:59", "cvss_created-epoch": "1496367419", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": false}], "tags": ["parser"], "homepage": "https://www.gnu.org/software/libtasn1/", "upstream-source": "https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.13.tar.gz", "latest-version": "4.13", "short_version": "3.4-3ubuntu0.2", "latest_cmp": false, "url": "https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.13.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "779ac503d5ced5ccf400563fd651bbff0aefadd2", "name": "libusb-0.1.so.4.4.4", "timestamp": 1386079122, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4"], "type": "native"}], "objects": 
["libusb-0.1.so.4.4.4"], "version": "0.1.12-23.3ubuntu1", "lib": "libusb-compat", "distro_version": "0.1.12-23.3ubuntu1", "distro": "ubuntu", "latest_version": "0.1.5", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["usb"], "homepage": "http://libusb.info", "upstream-source": "https://downloads.sourceforge.net/project/libusb/libusb-compat-0.1/libusb-compat-0.1.5/libusb-compat-0.1.5.tar.bz2", "latest-version": "0.1.5", "short_version": "0.1.12-23.3ubuntu1", "latest_cmp": true, "url": "https://downloads.sourceforge.net/project/libusb/libusb-compat-0.1/libusb-compat-0.1.5/libusb-compat-0.1.5.tar.bz2", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9971698113207547, "sha1": "7ac21b606bd0531dcc412c8966e261aec1351f6b", "name": "libX11.so.6.3.0", "timestamp": 1386178748, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libX11.so.6.3.0"], "type": "native"}], "objects": ["libX11.so.6.3.0"], "version": "1.6.2-1ubuntu2", "lib": "libx11", "distro_version": "1.6.2-1ubuntu2", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 8, "exact": 2, "historical": 6}, "vulns": [{"vuln": {"cve": "CVE-2016-7942", "summary": "The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.", "cvss": "7.5", "published": "2016-12-13T20:59:05", "modified": "2017-07-01T01:30:09", "published-epoch": "1481662745", "modified-epoch": "1498872609", "cwe": "CWE-787", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2016-12-14T15:41:13", "cvss_created-epoch": "1481730073", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 263, "vuln_id": "CVE-2016-7942", "component": "libx11", "vendor": null, "codetype": "NA", "version": "1.6.2-1ubuntu2", "modified": "2018-03-22T23:19:37.676259", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-7943", "summary": "The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.", "cvss": "7.5", "published": "2016-12-13T20:59:07", "modified": "2017-07-01T01:30:09", "published-epoch": "1481662747", "modified-epoch": "1498872609", "cwe": "CWE-787", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-14T15:41:21", "cvss_created-epoch": "1481730081", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 261, "vuln_id": "CVE-2016-7943", "component": "libx11", "vendor": null, "codetype": "NA", "version": "1.6.2-1ubuntu2", "modified": "2018-03-22T23:19:37.654795", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2013-7439", "summary": "Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 
1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.", "cvss": "7.5", "published": "2015-04-16T14:59:00", "modified": "2016-10-18T03:43:42", "published-epoch": "1429196340", "modified-epoch": "1476762222", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-23T14:52:22", "cvss_created-epoch": "1471963942", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1981", "summary": "Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.", "cvss": "6.8", "published": "2013-06-15T19:55:00", "modified": "2016-11-28T19:08:58", "published-epoch": "1371326100", "modified-epoch": "1480360138", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-07T19:00:37", "cvss_created-epoch": "1381172437", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1997", "summary": "Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and 
earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.", "cvss": "6.8", "published": "2013-06-15T20:55:00", "modified": "2013-12-01T04:27:31", "published-epoch": "1371329700", "modified-epoch": "1385872051", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-06-17T17:03:00", "cvss_created-epoch": "1371488580", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-2004", "summary": "The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.", "cvss": "6.8", "published": "2013-06-15T20:55:00", "modified": "2013-06-21T03:17:16", "published-epoch": "1371329700", "modified-epoch": "1371784636", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-06-17T17:22:00", "cvss_created-epoch": "1371489720", 
"cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-5397", "summary": "The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.", "cvss": "2.1", "published": "2006-11-03T00:07:00", "modified": "2017-07-20T01:33:42", "published-epoch": "1162512420", "modified-epoch": "1500514422", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-11-06T12:03:00", "cvss_created-epoch": "1162814580", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-1667", "summary": "Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.", "cvss": "9.3", "published": "2007-03-24T21:19:00", "modified": "2017-10-11T01:31:56", "published-epoch": "1174771140", "modified-epoch": "1507685516", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-03-27T01:13:00", "cvss_created-epoch": "1174957980", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": 
null, "cvss3_score": "0"}, "exact": false}], "tags": ["server", "ui"], "short_version": "1.6.2-1ubuntu2", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9130434782608695, "sha1": "62a1c231a08837a46918084baca399699d605860", "name": "libxcb.so.1.1.0", "timestamp": 1389781860, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0"], "type": "native"}], "objects": ["libxcb.so.1.1.0"], "version": "1.10-2ubuntu1", "lib": "libxcb", "distro_version": "1.10-2ubuntu1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2013-2064", "summary": "Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.", "cvss": "6.8", "published": "2013-06-15T19:55:01", "modified": "2016-11-28T19:09:01", "published-epoch": "1371326101", "modified-epoch": "1480360141", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-19T18:32:26", "cvss_created-epoch": "1471631546", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["ui"], "homepage": "http://xcb.freedesktop.org/", "short_version": "1.10-2ubuntu1", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "dfe6a4ae39a6b4d7613cce5405d1a77a42bdcb65", "name": "libXext.so.6.4.0", "timestamp": 1428519004, "binary-type": 
"elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libXext.so.6.4.0"], "type": "native"}], "objects": ["libXext.so.6.4.0"], "version": "1.3.2-1ubuntu0.0.14.04.1", "lib": "libxext", "distro_version": "1.3.2-1ubuntu0.0.14.04.1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2013-1982", "summary": "Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.", "cvss": "6.8", "published": "2013-06-15T19:55:00", "modified": "2013-06-21T03:17:14", "published-epoch": "1371326100", "modified-epoch": "1371784634", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-06-17T14:39:00", "cvss_created-epoch": "1371479940", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["ui"], "short_version": "1.3.2-1ubuntu0.0.14.04.1", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "2e941e12d4d359bfae7d74f15d452ab7dc7901e5", "name": "libpam.so.0.83.1", "timestamp": 1391206884, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libpam.so.0.83.1"], 
"type": "native"}], "objects": ["libpam.so.0.83.1"], "version": "1.1.8-1ubuntu2", "lib": "linux-pam", "distro_version": "1.1.8-1ubuntu2", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 17, "exact": 1, "historical": 16}, "vulns": [{"vuln": {"cve": "CVE-2014-2583", "summary": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.", "cvss": "5.8", "published": "2014-04-10T20:29:20", "modified": "2016-12-03T03:01:04", "published-epoch": "1397161760", "modified-epoch": "1480734064", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-14T13:39:48", "cvss_created-epoch": "1465911588", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-3238", "summary": "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.", "cvss": "5.8", "published": "2015-08-24T14:59:04", "modified": "2016-12-03T03:09:08", "published-epoch": "1440428344", "modified-epoch": "1480734548", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-14T18:05:31", "cvss_created-epoch": "1465927531", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "cvss3_score": "6.5"}, "exact": true}, {"vuln": {"cve": "CVE-2010-4706", "summary": "The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check.", "cvss": "4.9", "published": "2011-01-24T19:00:01", "modified": "2017-08-17T01:33:20", "published-epoch": "1295895601", "modified-epoch": "1502933600", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-25T17:20:00", "cvss_created-epoch": "1295976000", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-4708", "summary": "The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.", "cvss": "7.2", "published": "2011-01-24T19:00:02", "modified": "2017-08-17T01:33:20", "published-epoch": "1295895602", "modified-epoch": "1502933600", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", 
"cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-25T17:46:00", "cvss_created-epoch": "1295977560", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-3431", "summary": "The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.", "cvss": "1.9", "published": "2011-01-24T18:00:01", "modified": "2012-07-24T03:21:44", "published-epoch": "1295892001", "modified-epoch": "1343100104", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-25T14:08:00", "cvss_created-epoch": "1295964480", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-3853", "summary": "pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.", "cvss": "6.9", "published": "2011-01-24T18:00:02", "modified": "2012-07-24T03:22:39", "published-epoch": "1295892002", "modified-epoch": "1343100159", "cwe": null, "cvss_access_vector": "LOCAL", 
"cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-25T14:36:00", "cvss_created-epoch": "1295966160", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-4707", "summary": "The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.", "cvss": "4.9", "published": "2011-01-24T19:00:01", "modified": "2017-08-17T01:33:20", "published-epoch": "1295895601", "modified-epoch": "1502933600", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-25T17:26:00", "cvss_created-epoch": "1295976360", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-3149", "summary": "The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).", "cvss": "2.1", "published": "2012-07-22T17:55:01", "modified": "2014-03-06T04:31:36", "published-epoch": "1342979701", "modified-epoch": "1394080296", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": 
"NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-07-23T17:59:00", "cvss_created-epoch": "1343066340", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-3316", "summary": "The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.", "cvss": "3.3", "published": "2011-01-24T18:00:01", "modified": "2012-07-24T03:21:28", "published-epoch": "1295892001", "modified-epoch": "1343100088", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-24T18:17:00", "cvss_created-epoch": "1295893020", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-3430", "summary": "The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.", "cvss": "4.7", "published": "2011-01-24T18:00:01", "modified": "2012-07-24T03:21:43", "published-epoch": "1295892001", "modified-epoch": "1343100103", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-24T20:12:00", "cvss_created-epoch": "1295899920", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2009-0887", "summary": "Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.", "cvss": "6.6", "published": "2009-03-12T15:20:50", "modified": "2017-08-17T01:30:04", "published-epoch": "1236871250", "modified-epoch": "1502933404", "cwe": "CWE-189", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-03-13T12:31:00", "cvss_created-epoch": "1236947460", "cvss2_vector": "AV:L/AC:M/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-3435", "summary": "The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow 
local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory.", "cvss": "4.7", "published": "2011-01-24T18:00:02", "modified": "2012-07-24T03:21:44", "published-epoch": "1295892002", "modified-epoch": "1343100104", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-25T14:24:00", "cvss_created-epoch": "1295965440", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2009-0579", "summary": "Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.", "cvss": "4.6", "published": "2009-04-16T15:12:57", "modified": "2009-04-16T04:00:00", "published-epoch": "1239894777", "modified-epoch": "1239854400", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-04-16T15:52:00", "cvss_created-epoch": "1239897120", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-3148", "summary": "Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning 
of the ~/.pam_environment file.", "cvss": "4.6", "published": "2012-07-22T17:55:01", "modified": "2014-03-06T04:31:35", "published-epoch": "1342979701", "modified-epoch": "1394080295", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-07-23T17:51:00", "cvss_created-epoch": "1343065860", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-1999-0342", "summary": "Linux PAM modules allow local users to gain root access using temporary files.", "cvss": "6.2", "published": "1998-12-01T05:00:00", "modified": "2008-09-09T12:34:18", "published-epoch": "912488400", "modified-epoch": "1220963658", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-1227", "summary": "PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.", "cvss": "7.5", "published": "2002-10-28T05:00:00", "modified": "2008-09-05T20:30:05", "published-epoch": "1035781200", "modified-epoch": "1220646605", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-2977", "summary": "The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.", "cvss": "2.1", "published": "2005-11-01T12:47:00", "modified": "2017-10-11T01:30:21", "published-epoch": "1130849220", "modified-epoch": "1507685421", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-11-01T17:21:00", "cvss_created-epoch": "1130865660", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["pam"], "short_version": "1.1.8-1ubuntu2", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "abc42f032572e9f94ea028536d52c833bee2543e", "name": "logrotate", "timestamp": 1390418228, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/logrotate"], "type": "native"}], "objects": ["logrotate"], "version": "3.8.7-1ubuntu1", "lib": "logrotate", "distro_version": "3.8.7-1ubuntu1", "distro": "ubuntu", "latest_version": "3.14.0", "vuln-count": {"total": 6, "exact": 0, "historical": 6}, "vulns": [{"vuln": {"cve": "CVE-2011-1549", "summary": "The default configuration of logrotate on Gentoo Linux uses root privileges to process files in 
directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.", "cvss": "6.3", "published": "2011-03-30T22:55:02", "modified": "2011-04-21T02:33:48", "published-epoch": "1301525702", "modified-epoch": "1303353228", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-31T15:12:00", "cvss_created-epoch": "1301584320", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-1098", "summary": "Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.", "cvss": "1.9", "published": "2011-03-30T22:55:02", "modified": "2011-04-21T02:33:25", "published-epoch": "1301525702", "modified-epoch": "1303353205", "cwe": "CWE-362", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-31T13:27:00", "cvss_created-epoch": "1301578020", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-1154", "summary": "The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename 
that is automatically constructed on the basis of a hostname or virtual machine name.", "cvss": "6.9", "published": "2011-03-30T22:55:02", "modified": "2011-04-21T02:33:30", "published-epoch": "1301525702", "modified-epoch": "1303353210", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-31T14:16:00", "cvss_created-epoch": "1301580960", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-1155", "summary": "The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \\n (newline) or (2) \\ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.", "cvss": "1.9", "published": "2011-03-30T22:55:02", "modified": "2011-04-21T02:33:30", "published-epoch": "1301525702", "modified-epoch": "1303353210", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-31T14:34:00", "cvss_created-epoch": "1301582040", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-1550", "summary": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link 
attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.", "cvss": "6.3", "published": "2011-03-30T22:55:02", "modified": "2011-04-07T04:00:00", "published-epoch": "1301525702", "modified-epoch": "1302148800", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-31T15:35:00", "cvss_created-epoch": "1301585700", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-1548", "summary": "The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.", "cvss": "6.3", "published": "2011-03-30T22:55:02", "modified": "2011-04-21T02:33:47", "published-epoch": "1301525702", "modified-epoch": "1303353227", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-31T14:54:00", "cvss_created-epoch": "1301583240", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["utility"], "homepage": "https://github.com/logrotate/logrotate", "upstream-source": "https://github.com/logrotate/logrotate/releases/download/3.14.0/logrotate-3.14.0.tar.gz", 
"latest-version": "3.14.0", "short_version": "3.8.7-1ubuntu1", "latest_cmp": false, "url": "https://github.com/logrotate/logrotate/releases/download/3.14.0/logrotate-3.14.0.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "3462fce89f3e37f0419cf118d90d6c36887e1609", "name": "mawk", "timestamp": 1395654813, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/mawk"], "type": "native"}], "objects": ["mawk"], "version": "1.3.3-17ubuntu2", "lib": "mawk", "distro_version": "1.3.3-17ubuntu2", "distro": "ubuntu", "latest_version": "1.3.4-20171017", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["vm"], "homepage": "https://invisible-island.net/mawk/", "upstream-source": "https://invisible-mirror.net/archives/mawk/mawk-1.3.4-20171017.tgz", "latest-version": "1.3.4-20171017", "short_version": "1.3.3-17ubuntu2", "latest_cmp": false, "url": "https://invisible-mirror.net/archives/mawk/mawk-1.3.4-20171017.tgz", "codetype": "Native", "coverity_scan": {"name": "mawk", "language": "C/C++", "id": 138, "homepage_url": null, "details": {"loc": 33608, "defect_density": {"comparison": 0.35, "over_time": [{"2017-10-01": 0.06, "2016-09-01": 0.07}], "score": 0.06, "verdict": "low", "loc_range": "less than 100,000"}, "build_date": "2017-10-17", "project_url": "https://scan.coverity.com/projects/mawk", "version": "mawk-1.3.4-20171017", "cwe": [{"name": "Use of Potentially Dangerous Function", "defect_count": 1, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": null, "slug": "mawk", "mapped-name": "mawk"}}, {"extended-objects": [{"confidence": 1.0, "sha1": "826fd27956426554a65641ea3d53858583cf1aba", "name": "mountall", "timestamp": 1393033226, "binary-type": "elf-shared-x86_64", "matching-method": "signature", 
"fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/mountall"], "type": "native"}], "objects": ["mountall"], "version": "2.53", "lib": "mountall", "distro_version": "2.53", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2010-2961", "summary": "mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.", "cvss": "6.9", "published": "2010-09-14T19:00:02", "modified": "2010-09-15T04:00:00", "published-epoch": "1284490802", "modified-epoch": "1284523200", "cwe": "CWE-362", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-09-15T13:30:00", "cvss_created-epoch": "1284557400", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["utility"], "short_version": "2.53", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": {"name": "mountall", "language": "C/C++", "id": 346, "homepage_url": null, "details": {"loc": 27810, "defect_density": {"comparison": 0.35, "over_time": [null], "score": 0.11, "verdict": "low", "loc_range": "less than 100,000"}, "build_date": "2013-04-03", "project_url": "https://scan.coverity.com/projects/mountall", "version": null, "cwe": []}, "repo_url": "https://code.launchpad.net/~ubuntu-branches/ubuntu/raring/mountall/raring", "slug": "mountall", "mapped-name": "mountall"}}, {"extended-objects": [{"confidence": 0.9305555555555556, "sha1": "80a9af5fb4fdc77b4bd622cfe991957aa2b0d8b5", "name": "libmpdec.so.2.4.0", "timestamp": 1389395586, "binary-type": "elf-shared-x86_64", "matching-method": 
"signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libmpdec.so.2.4.0"], "type": "native"}], "objects": ["libmpdec.so.2.4.0"], "version": "2.4.0-6", "lib": "mpdecimal", "distro_version": "2.4.0-6", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": [], "short_version": "2.4.0-6", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "2147c826722697391676b894fd5dc5da5444dccd", "name": "libncursesw.so.5.9", "timestamp": 1395515122, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libncursesw.so.5.9"], "type": "native"}, {"confidence": 0.2727272727272727, "sha1": "7b655b7d4919cbe1948e40fe04ce442217ce1fd9", "name": "libtinfo.so.5.9", "timestamp": 1395515123, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libtinfo.so.5.9"], "type": "native"}, {"confidence": 1.0, "sha1": "41cf164c1e611950a66617688a51a89eda921552", "name": "libncurses.so.5.9", "timestamp": 1395515119, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libncurses.so.5.9"], "type": "native"}], "objects": ["libncursesw.so.5.9", "libtinfo.so.5.9", "libncurses.so.5.9"], "version": "5.9+20140118-1ubuntu1", "lib": "ncurses", "distro_version": "5.9+20140118-1ubuntu1", "distro": "ubuntu", "latest_version": "6.1", "vuln-count": {"total": 12, "exact": 12, "historical": 0}, "vulns": [{"vuln": {"cve": "CVE-2017-13729", "summary": 
"There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.", "cvss": "4.3", "published": "2017-08-29T06:29:00", "modified": "2017-08-30T14:26:15", "published-epoch": "1503988140", "modified-epoch": "1504103175", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-30T13:01:56", "cvss_created-epoch": "1504098116", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-10684", "summary": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", "cvss": "7.5", "published": "2017-06-29T23:29:00", "modified": "2017-07-03T13:11:03", "published-epoch": "1498778940", "modified-epoch": "1499087463", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-03T00:47:40", "cvss_created-epoch": "1499042860", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-11113", "summary": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", "cvss": "5.0", "published": "2017-07-08T17:29:00", "modified": "2017-07-13T12:55:22", "published-epoch": "1499534940", "modified-epoch": "1499950522", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-12T15:25:02", "cvss_created-epoch": "1499873102", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-13728", "summary": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.", "cvss": "4.3", "published": "2017-08-29T06:29:00", "modified": "2017-08-30T15:13:45", "published-epoch": "1503988140", "modified-epoch": "1504106025", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-30T14:58:43", "cvss_created-epoch": "1504105123", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-13732", "summary": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", "cvss": "4.3", "published": "2017-08-29T06:29:00", "modified": "2017-08-30T14:27:10", 
"published-epoch": "1503988140", "modified-epoch": "1504103230", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-30T12:59:43", "cvss_created-epoch": "1504097983", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-13733", "summary": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", "cvss": "4.3", "published": "2017-08-29T06:29:00", "modified": "2017-08-30T14:25:17", "published-epoch": "1503988140", "modified-epoch": "1504103117", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-30T13:05:39", "cvss_created-epoch": "1504098339", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-10685", "summary": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", "cvss": "7.5", "published": "2017-06-29T23:29:00", "modified": "2017-07-03T13:11:18", "published-epoch": "1498778940", "modified-epoch": "1499087478", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-03T00:45:20", "cvss_created-epoch": "1499042720", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-11112", "summary": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", "cvss": "5.0", "published": "2017-07-08T17:29:00", "modified": "2017-07-13T12:55:15", "published-epoch": "1499534940", "modified-epoch": "1499950515", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-12T15:26:32", "cvss_created-epoch": "1499873192", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-13730", "summary": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", "cvss": "4.3", "published": "2017-08-29T06:29:00", "modified": 
"2017-08-30T14:27:45", "published-epoch": "1503988140", "modified-epoch": "1504103265", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-30T12:57:18", "cvss_created-epoch": "1504097838", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-13731", "summary": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", "cvss": "4.3", "published": "2017-08-29T06:29:00", "modified": "2017-08-30T14:25:44", "published-epoch": "1503988140", "modified-epoch": "1504103144", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-30T13:03:28", "cvss_created-epoch": "1504098208", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-16879", "summary": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", "cvss": "6.8", "published": "2017-11-22T22:29:00", "modified": "2017-12-06T14:08:22", "published-epoch": "1511389740", "modified-epoch": "1512569302", "cwe": "CWE-119", "cvss_access_vector": 
"NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-06T03:01:15", "cvss_created-epoch": "1512529275", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}, {"vuln": {"cve": "CVE-2017-13734", "summary": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", "cvss": "4.3", "published": "2017-08-29T06:29:00", "modified": "2017-08-30T14:44:20", "published-epoch": "1503988140", "modified-epoch": "1504104260", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-30T12:54:18", "cvss_created-epoch": "1504097658", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "timestamp-objects": ["libncursesw.so.5.9"]}], "tags": ["ui"], "homepage": "https://www.gnu.org/software/ncurses/", "upstream-source": "https://ftp.gnu.org/gnu/ncurses/ncurses-6.1.tar.gz", "latest-version": "6.1", "short_version": "5.9+20140118-1ubuntu1", "latest_cmp": false, "url": "https://ftp.gnu.org/gnu/ncurses/ncurses-6.1.tar.gz", "codetype": "Native", "coverity_scan": {"name": "ncurses", "language": "C/C++", "id": 155, "homepage_url": null, "details": {"loc": 136410, "defect_density": {"comparison": 0.5, "over_time": [{"2016-05-01": 0.16, "2017-06-01": 0.24, "2017-02-01": 0.14, "2017-03-01": 0.15, "2016-09-01": 0.14, "2016-10-01": 0.13}], "score": 0.24, 
"verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2017-06-10", "project_url": "https://scan.coverity.com/projects/ncurses", "version": "ncurses-6.0-20170610", "cwe": [{"name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "defect_count": 1, "id": 120, "rank": 3, "uri": "http://cwe.mitre.org/top25/#CWE-120"}, {"name": "Use of Potentially Dangerous Function", "defect_count": 7, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": null, "slug": "ncurses", "mapped-name": "ncurses"}}, {"extended-objects": [{"confidence": 0.20689655172413793, "sha1": "3d74217cdb93e730b142e9ccbeea5b5e2af00700", "name": "rarp", "timestamp": 1407253475, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/rarp"], "type": "native"}, {"confidence": 0.3850574712643678, "sha1": "8c3f05c9c577572df7983b9ddf704d69dfe1975a", "name": "arp", "timestamp": 1407253475, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/arp"], "type": "native"}, {"confidence": 0.9827586206896551, "sha1": "74421bca240d7e85b5e8c3ebb7d1d36020c17a38", "name": "ifconfig", "timestamp": 1407253475, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/ifconfig"], "type": "native"}, {"confidence": 0.603448275862069, "sha1": "6cc63622c6476ec2412995b7e05c7aedff86812d", "name": "netstat", "timestamp": 1407253475, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", 
"cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/netstat"], "type": "native"}, {"confidence": 0.3218390804597701, "sha1": "abd0a50c99356c128efc430b5b7aa4dec874f0f7", "name": "route", "timestamp": 1407253475, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/route"], "type": "native"}, {"confidence": 0.21264367816091953, "sha1": "314be4bc7b567c1e8ce50bac5646d4da76a6895c", "name": "slattach", "timestamp": 1407253475, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/slattach"], "type": "native"}], "objects": ["rarp", "arp", "ifconfig", "netstat", "route", "slattach"], "version": "1.60-25ubuntu2.1", "lib": "net-tools", "distro_version": "1.60-25ubuntu2.1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["network", "utility"], "short_version": "1.60-25ubuntu2.1", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.23465703971119134, "sha1": "3f6aa222925190d84569b243387e3a8369356001", "name": "libresolv-2.19.so", "timestamp": 1424883410, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libresolv-2.19.so"], "type": "native"}], "objects": ["libresolv-2.19.so"], "version": null, "lib": "netbsd-resolv", "distro_version": null, "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["client", "dns", "protocol"], "short_version": "", "latest_cmp": null, 
"homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "615f68e6726c919abb467e0faf83f18327d6dd9b", "name": "libnewt.so.0.52.15", "timestamp": 1395589492, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libnewt.so.0.52.15"], "type": "native"}], "objects": ["libnewt.so.0.52.15"], "version": "0.52.15-2ubuntu5", "lib": "newt", "distro_version": "0.52.15-2ubuntu5", "distro": "ubuntu", "latest_version": "0.52.20", "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2009-2905", "summary": "Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.", "cvss": "4.6", "published": "2009-09-29T19:30:00", "modified": "2017-09-19T01:29:20", "published-epoch": "1254252600", "modified-epoch": "1505784560", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-09-30T11:55:00", "cvss_created-epoch": "1254311700", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["ui"], "homepage": "https://pagure.io/newt", "upstream-source": "https://pagure.io/releases/newt/newt-0.52.20.tar.gz", "latest-version": "0.52.20", "short_version": "0.52.15-2ubuntu5", "latest_cmp": false, "url": "https://pagure.io/releases/newt/newt-0.52.20.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.936, "sha1": "a8731eed8a76f1956c11e61145f9a0fbe8ef097e", 
"name": "libldap_r-2.4.so.2.8.3", "timestamp": 1395099086, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.8.3"], "type": "native"}], "objects": ["libldap_r-2.4.so.2.8.3"], "version": "2.4.31-1+nmu2ubuntu8", "lib": "openldap", "distro_version": "2.4.31-1+nmu2ubuntu8", "distro": "ubuntu", "cpe": ["cpe:/a:openldap:openldap:2.4.31-1+nmu2ubuntu8"], "latest_version": "2.4.46", "vuln-count": {"total": 38, "exact": 7, "historical": 31}, "vulns": [{"vuln": {"cve": "CVE-2013-4449", "summary": "The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.", "cvss": "4.3", "published": "2014-02-05T18:55:06", "modified": "2016-12-08T03:03:35", "published-epoch": "1391626506", "modified-epoch": "1481166215", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-01T19:00:53", "cvss_created-epoch": "1459537253", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 327, "vuln_id": "CVE-2013-4449", "component": "openldap", "vendor": null, "codetype": "NA", "version": "2.4.31-1+nmu2ubuntu8", "modified": "2018-03-22T23:21:15.010263", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-1545", 
"summary": "The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.", "cvss": "5.0", "published": "2015-02-12T16:59:06", "modified": "2017-09-08T01:29:49", "published-epoch": "1423760346", "modified-epoch": "1504834189", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T17:52:09", "cvss_created-epoch": "1467136329", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 324, "vuln_id": "CVE-2015-1545", "component": "openldap", "vendor": null, "codetype": "NA", "version": "2.4.31-1+nmu2ubuntu8", "modified": "2018-03-22T23:21:14.985463", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2012-2668", "summary": "libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.", "cvss": "4.3", "published": "2012-06-17T03:41:41", "modified": "2017-08-29T01:31:38", "published-epoch": "1339904501", "modified-epoch": "1503970298", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2012-06-18T21:00:00", "cvss_created-epoch": "1340053200", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 332, "vuln_id": "CVE-2012-2668", "component": "openldap", "vendor": null, "codetype": "NA", "version": "2.4.31-1+nmu2ubuntu8", "modified": "2018-03-22T23:21:15.045030", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-6908", "summary": "The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.", "cvss": "5.0", "published": "2015-09-11T16:59:12", "modified": "2016-12-22T03:00:15", "published-epoch": "1441990752", "modified-epoch": "1482375615", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-05T14:35:28", "cvss_created-epoch": "1459866928", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 321, "vuln_id": "CVE-2015-6908", "component": "openldap", "vendor": null, "codetype": "NA", "version": "2.4.31-1+nmu2ubuntu8", "modified": "2018-03-22T23:21:14.957515", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-14159", "summary": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a 
non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": "1.9", "published": "2017-09-05T18:29:00", "modified": "2017-09-11T17:33:34", "published-epoch": "1504636140", "modified-epoch": "1505151214", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-11T17:03:52", "cvss_created-epoch": "1505149432", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "4.7"}, "exact": true, "triage": [{"id": 338, "vuln_id": "CVE-2017-14159", "component": "openldap", "vendor": null, "codetype": "NA", "version": "2.4.31-1+nmu2ubuntu8", "modified": "2018-03-22T23:21:15.100207", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-17740", "summary": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": "5.0", "published": "2017-12-18T06:29:00", "modified": "2018-01-05T19:13:10", "published-epoch": "1513578540", "modified-epoch": "1515179590", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-01-05T14:57:30", "cvss_created-epoch": "1515164250", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 317, "vuln_id": "CVE-2017-17740", "component": "openldap", "vendor": null, "codetype": "NA", "version": "2.4.31-1+nmu2ubuntu8", "modified": "2018-03-22T23:21:14.909087", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-9287", "summary": "servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.", "cvss": "4.0", "published": "2017-05-29T16:29:00", "modified": "2018-01-05T02:31:54", "published-epoch": "1496075340", "modified-epoch": "1515119514", "cwe": "CWE-415", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-06-08T14:02:10", "cvss_created-epoch": "1496930530", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "triage": [{"id": 336, "vuln_id": "CVE-2017-9287", "component": "openldap", "vendor": null, "codetype": "NA", "version": "2.4.31-1+nmu2ubuntu8", "modified": "2018-03-22T23:21:15.074526", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2006-6493", "summary": 
"Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.", "cvss": "5.1", "published": "2006-12-13T00:28:00", "modified": "2011-03-08T02:46:08", "published-epoch": "1165969680", "modified-epoch": "1299552368", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-12-13T17:58:00", "cvss_created-epoch": "1166032680", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2000-0336", "summary": "Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.", "cvss": "2.1", "published": "2000-04-21T04:00:00", "modified": "2008-09-10T19:04:10", "published-epoch": "956289600", "modified-epoch": "1221073450", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2004-0823", "summary": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext 
passwords, which allows remote attackers to re-use hashed passwords without decrypting them.", "cvss": "7.5", "published": "2004-09-07T04:00:00", "modified": "2017-10-11T01:29:35", "published-epoch": "1094529600", "modified-epoch": "1507685375", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-15T19:10:00", "cvss_created-epoch": "1118862600", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-1508", "summary": "slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.", "cvss": "1.2", "published": "2003-02-19T05:00:00", "modified": "2008-09-10T19:14:48", "published-epoch": "1045630800", "modified-epoch": "1221074088", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:H/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2001-0977", "summary": "slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.", "cvss": "5.0", "published": "2001-07-16T04:00:00", "modified": "2017-10-10T01:29:57", "published-epoch": "995256000", "modified-epoch": "1507598997", "cwe": null, "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-1024", "summary": "chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.", "cvss": "4.6", "published": "2011-03-20T02:00:03", "modified": "2017-01-07T02:59:03", "published-epoch": "1300586403", "modified-epoch": "1483757943", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-21T16:36:00", "cvss_created-epoch": "1300725360", "cvss2_vector": "AV:N/AC:H/Au:S:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-2754", "summary": "Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.", "cvss": "5.0", "published": "2006-06-01T17:02:00", "modified": "2011-03-08T02:36:57", "published-epoch": "1149181320", "modified-epoch": "1299551817", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2006-06-01T23:04:00", "cvss_created-epoch": "1149203040", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-0212", "summary": "OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.", "cvss": "5.0", "published": "2010-07-28T12:48:51", "modified": "2017-01-07T02:59:00", "published-epoch": "1280321331", "modified-epoch": "1483757940", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-07-28T14:28:00", "cvss_created-epoch": "1280327280", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-4600", "summary": "slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).", "cvss": "2.3", "published": "2006-09-07T00:04:00", "modified": "2017-10-11T01:31:14", "published-epoch": "1157587440", "modified-epoch": "1507685474", "cwe": null, "cvss_access_vector": "ADJACENT_NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-07T17:01:00", "cvss_created-epoch": "1157648460", "cvss2_vector": 
"AV:A/AC:M/Au:S:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2012-1164", "summary": "slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.", "cvss": "2.6", "published": "2012-06-29T19:55:03", "modified": "2017-01-07T02:59:04", "published-epoch": "1340999703", "modified-epoch": "1483757944", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-07-02T14:04:00", "cvss_created-epoch": "1341237840", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-4079", "summary": "Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.", "cvss": "4.0", "published": "2011-10-27T20:55:01", "modified": "2017-08-29T01:30:27", "published-epoch": "1319748901", "modified-epoch": "1503970227", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-10-28T13:56:00", "cvss_created-epoch": "1319810160", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": 
{"cve": "CVE-2006-5779", "summary": "OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.", "cvss": "5.0", "published": "2006-11-07T18:07:00", "modified": "2017-07-20T01:33:58", "published-epoch": "1162922820", "modified-epoch": "1500514438", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-11-09T15:37:00", "cvss_created-epoch": "1163086620", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2007-6698", "summary": "The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.", "cvss": "4.0", "published": "2008-02-01T22:00:00", "modified": "2017-09-29T01:30:03", "published-epoch": "1201903200", "modified-epoch": "1506648603", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-02-04T15:04:00", "cvss_created-epoch": "1202137440", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-2069", "summary": "pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may 
cause a password to be sent in cleartext and allows remote attackers to sniff the password.", "cvss": "5.0", "published": "2005-06-30T04:00:00", "modified": "2017-10-11T01:30:12", "published-epoch": "1120104000", "modified-epoch": "1507685412", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-30T18:34:00", "cvss_created-epoch": "1120156440", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2007-5708", "summary": "slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.", "cvss": "7.1", "published": "2007-10-30T19:46:00", "modified": "2011-03-07T05:00:00", "published-epoch": "1193773560", "modified-epoch": "1299474000", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-10-31T10:32:00", "cvss_created-epoch": "1193826720", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2008-0658", "summary": "slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP 
(LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.", "cvss": "4.0", "published": "2008-02-13T21:00:00", "modified": "2017-09-29T01:30:24", "published-epoch": "1202936400", "modified-epoch": "1506648624", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-02-14T17:05:00", "cvss_created-epoch": "1203008700", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-4442", "summary": "Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.", "cvss": "7.2", "published": "2005-12-21T02:03:00", "modified": "2008-09-05T20:56:53", "published-epoch": "1135130580", "modified-epoch": "1220648213", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-12-21T10:49:00", "cvss_created-epoch": "1135162140", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-1081", "summary": "modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.", "cvss": "5.0", "published": "2011-03-20T02:00:04", "modified": "2017-08-17T01:33:49", 
"published-epoch": "1300586404", "modified-epoch": "1502933629", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-21T17:20:00", "cvss_created-epoch": "1300728000", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2015-1546", "summary": "Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.", "cvss": "5.0", "published": "2015-02-12T16:59:07", "modified": "2017-09-08T01:29:49", "published-epoch": "1423760347", "modified-epoch": "1504834189", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T18:09:52", "cvss_created-epoch": "1467137392", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": ["libldap_r-2.4.so.2.8.3"], "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-3276", "summary": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": "5.0", "published": "2015-12-07T20:59:03", "modified": 
"2016-10-15T02:01:28", "published-epoch": "1449521943", "modified-epoch": "1476496888", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-12-09T15:03:24", "cvss_created-epoch": "1449673404", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": ["libldap_r-2.4.so.2.8.3"], "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2000-0748", "summary": "OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.", "cvss": "4.6", "published": "2000-10-20T04:00:00", "modified": "2008-09-05T20:21:47", "published-epoch": "972014400", "modified-epoch": "1220646107", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2003-1201", "summary": "ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).", "cvss": "5.0", "published": "2003-03-20T05:00:00", "modified": "2017-07-11T01:29:49", 
"published-epoch": "1048136400", "modified-epoch": "1499736589", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-05-19T16:04:00", "cvss_created-epoch": "1116518640", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-1379", "summary": "OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.", "cvss": "7.5", "published": "2003-01-02T05:00:00", "modified": "2008-09-10T19:14:26", "published-epoch": "1041483600", "modified-epoch": "1221074066", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2011-1025", "summary": "bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.", "cvss": "6.8", "published": "2011-03-20T02:00:03", "modified": "2017-01-07T02:59:03", "published-epoch": "1300586403", "modified-epoch": "1483757943", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", 
"cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-21T16:52:00", "cvss_created-epoch": "1300726320", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2009-3767", "summary": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "cvss": "6.8", "published": "2009-10-23T19:30:00", "modified": "2017-09-19T01:29:46", "published-epoch": "1256326200", "modified-epoch": "1505784586", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-10-26T15:34:00", "cvss_created-epoch": "1256571240", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-0045", "summary": "slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a \"replace\" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.", "cvss": "7.5", "published": "2002-01-31T05:00:00", "modified": "2017-10-10T01:30:04", "published-epoch": "1012453200", "modified-epoch": "1507599004", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-1378", "summary": "Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.", "cvss": "7.5", "published": "2003-01-02T05:00:00", "modified": "2017-07-11T01:29:14", "published-epoch": "1041483600", "modified-epoch": "1499736554", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-0211", "summary": "The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon 
LDAPv3 test suite.", "cvss": "5.0", "published": "2010-07-28T12:48:51", "modified": "2017-01-07T02:59:00", "published-epoch": "1280321331", "modified-epoch": "1483757940", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-07-28T14:18:00", "cvss_created-epoch": "1280326680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2008-2952", "summary": "liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.", "cvss": "5.0", "published": "2008-07-01T21:41:00", "modified": "2017-09-29T01:31:26", "published-epoch": "1214948460", "modified-epoch": "1506648686", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-07-02T12:45:00", "cvss_created-epoch": "1215002700", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2007-5707", "summary": "OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. 
NOTE: this has been reported as a double free, but the reports are inconsistent.", "cvss": "7.1", "published": "2007-10-30T19:46:00", "modified": "2017-09-29T01:29:40", "published-epoch": "1193773560", "modified-epoch": "1506648580", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-10-31T10:21:00", "cvss_created-epoch": "1193826060", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2004-1880", "summary": "Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).", "cvss": "5.0", "published": "2004-12-31T05:00:00", "modified": "2008-09-10T19:32:28", "published-epoch": "1104469200", "modified-epoch": "1221075148", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-05-27T14:48:00", "cvss_created-epoch": "1117205280", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["protocol"], "homepage": "https://www.openldap.org/software/", "upstream-source": "https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.46.tgz", "latest-version": "2.4.46", "short_version": "2.4.31-1+nmu2ubuntu8", "latest_cmp": false, "url": "https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.46.tgz", "codetype": "Native", "coverity_scan": {"name": "OpenLDAP", "language": "C/C++", "id": 170, "homepage_url": 
"http://www.openldap.org", "details": {"loc": 367401, "defect_density": {"comparison": 0.5, "over_time": [null], "score": 0.0, "verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2015-01-18", "project_url": "https://scan.coverity.com/projects/openldap", "version": "RE24", "cwe": []}, "repo_url": "git://git.openldap.org/openldap.git", "slug": "openldap", "mapped-name": "openldap"}}, {"extended-objects": [{"confidence": 0.4440541896638234, "sha1": "7449d9ce2a2fe3efcd8fba7efb0df7334ee2a609", "name": "ssh", "timestamp": 1399910691, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/bin/ssh"], "type": "native"}, {"confidence": 0.20622177621675866, "sha1": "28d53e13ed25294e19876c0fcf7479d3b272bc1f", "name": "ssh-keygen", "timestamp": 1399910691, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/bin/ssh-keygen"], "type": "native"}, {"confidence": 0.35373808329152034, "sha1": "98df65b404755aca0ec3dadc4b0221483c7bb3c9", "name": "ssh-keyscan", "timestamp": 1399910691, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/bin/ssh-keyscan"], "type": "native"}, {"confidence": 0.388861013547416, "sha1": "12e035eed390274bc6a82583f5b013128c7e26df", "name": "ssh-keysign", "timestamp": 1399910691, "binary-type": "unknown", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/openssh/ssh-keysign"], "type": "native"}], "objects": ["ssh"], "version": "6.6p1-2ubuntu2", "lib": "openssh", "distro_version": "6.6p1-2ubuntu2", "distro": "ubuntu", "cpe": ["cpe:/a:openssh:openssh:6.6p1-2ubuntu2", 
"cpe:/a:openbsd:openssh:6.6p1-2ubuntu2"], "latest_version": "7.6p1", "vuln-count": {"total": 92, "exact": 4, "historical": 88}, "vulns": [{"vuln": {"cve": "CVE-2015-5352", "summary": "The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.", "cvss": "4.3", "published": "2015-08-03T01:59:01", "modified": "2018-01-05T02:30:13", "published-epoch": "1438567141", "modified-epoch": "1515119413", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-03T11:45:51", "cvss_created-epoch": "1438602351", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 301, "vuln_id": "CVE-2015-5352", "component": "openssh", "vendor": null, "codetype": "NA", "version": "6.6p1-2ubuntu2", "modified": "2018-03-22T23:20:43.171491", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-5600", "summary": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this 
list.", "cvss": "8.5", "published": "2015-08-03T01:59:03", "modified": "2017-11-10T02:29:02", "published-epoch": "1438567143", "modified-epoch": "1510280942", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-20T14:18:06", "cvss_created-epoch": "1476973086", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 297, "vuln_id": "CVE-2015-5600", "component": "openssh", "vendor": null, "codetype": "NA", "version": "6.6p1-2ubuntu2", "modified": "2018-03-22T23:20:43.125845", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-6563", "summary": "The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.", "cvss": "1.9", "published": "2015-08-24T01:59:00", "modified": "2018-02-04T02:29:01", "published-epoch": "1440381540", "modified-epoch": "1517711341", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-05T14:42:14", "cvss_created-epoch": "1459867334", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, 
"triage": [{"id": 304, "vuln_id": "CVE-2015-6563", "component": "openssh", "vendor": null, "codetype": "NA", "version": "6.6p1-2ubuntu2", "modified": "2018-03-22T23:20:43.197129", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-6564", "summary": "Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.", "cvss": "6.9", "published": "2015-08-24T01:59:01", "modified": "2018-01-05T02:30:16", "published-epoch": "1440381541", "modified-epoch": "1515119416", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-08-24T13:22:02", "cvss_created-epoch": "1440422522", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 299, "vuln_id": "CVE-2015-6564", "component": "openssh", "vendor": null, "codetype": "NA", "version": "6.6p1-2ubuntu2", "modified": "2018-03-22T23:20:43.151781", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2006-5229", "summary": "OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid 
ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.", "cvss": "2.6", "published": "2006-10-10T23:07:00", "modified": "2011-08-26T04:00:00", "published-epoch": "1160521620", "modified-epoch": "1314331200", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-10-13T14:57:00", "cvss_created-epoch": "1160751420", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-2760", "summary": "sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. 
NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.", "cvss": "6.8", "published": "2004-12-31T05:00:00", "modified": "2009-01-29T05:37:57", "published-epoch": "1104469200", "modified-epoch": "1233207477", "cwe": "CWE-16", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-08-04T18:21:00", "cvss_created-epoch": "1217874060", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-4924", "summary": "sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.", "cvss": "7.8", "published": "2006-09-27T01:07:00", "modified": "2017-10-11T01:31:17", "published-epoch": "1159319220", "modified-epoch": "1507685477", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-27T14:15:00", "cvss_created-epoch": "1159366500", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0640", "summary": "Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).", 
"cvss": "10.0", "published": "2002-07-03T04:00:00", "modified": "2016-10-18T02:20:57", "published-epoch": "1025668800", "modified-epoch": "1476757257", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0814", "summary": "The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.", "cvss": "3.5", "published": "2012-01-27T19:55:01", "modified": "2017-08-29T01:31:03", "published-epoch": "1327694101", "modified-epoch": "1503970263", "cwe": "CWE-255", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-30T15:58:00", "cvss_created-epoch": "1327939080", "cvss2_vector": "AV:N/AC:M/Au:S:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-2768", "summary": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, 
which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.", "cvss": "4.3", "published": "2007-05-21T20:30:00", "modified": "2008-09-05T21:23:58", "published-epoch": "1179779400", "modified-epoch": "1220649838", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-05-22T16:33:00", "cvss_created-epoch": "1179851580", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-1010", "summary": "An SSH 1.2.27 server allows a client to use the \"none\" cipher, even if it is not allowed by the server policy.", "cvss": "2.1", "published": "1999-12-14T05:00:00", "modified": "2016-10-18T02:00:09", "published-epoch": "945147600", "modified-epoch": "1476756009", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-4925", "summary": "packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.", "cvss": "5.0", "published": "2006-09-29T00:07:00", "modified": "2010-09-15T05:26:54", "published-epoch": "1159488420", "modified-epoch": "1284528414", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-10-02T11:53:00", "cvss_created-epoch": "1159789980", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-3844", "summary": "Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.", "cvss": "9.3", "published": "2008-08-27T20:41:00", "modified": "2017-08-08T01:32:12", "published-epoch": "1219869660", "modified-epoch": "1502155932", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-08T15:10:41", "cvss_created-epoch": "1478617841", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-2797", "summary": "OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding (\"-D\" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.", "cvss": "5.0", "published": "2005-09-06T17:03:00", "modified": "2016-12-08T03:00:07", "published-epoch": "1126026180", "modified-epoch": "1481166007", "cwe": null, 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-09-06T17:15:00", "cvss_created-epoch": "1126026900", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1459", "summary": "OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.", "cvss": "7.5", "published": "2001-06-19T04:00:00", "modified": "2017-07-11T01:29:08", "published-epoch": "992923200", "modified-epoch": "1499736548", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-6565", "summary": "sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.", "cvss": "7.2", "published": "2015-08-24T01:59:02", "modified": "2017-09-02T01:29:00", "published-epoch": "1440381542", "modified-epoch": "1504315740", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2016-06-24T22:48:45", "cvss_created-epoch": "1466808525", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-0144", "summary": "CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.", "cvss": "10.0", "published": "2001-03-12T05:00:00", "modified": "2016-10-18T02:10:01", "published-epoch": "984373200", "modified-epoch": "1476756601", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1029", "summary": "libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.", "cvss": "2.1", "published": "2001-09-20T04:00:00", "modified": "2017-10-10T01:29:58", "published-epoch": "1000958400", "modified-epoch": "1507598998", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4755", "summary": "The (1) remote_glob 
function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.", "cvss": "4.0", "published": "2011-03-02T20:00:00", "modified": "2014-08-08T21:01:22", "published-epoch": "1299096000", "modified-epoch": "1407531682", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-08T21:01:21", "cvss_created-epoch": "1407531681", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-2798", "summary": "sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.", "cvss": "5.0", "published": "2005-09-06T17:03:00", "modified": "2017-10-11T01:30:19", "published-epoch": "1126026180", "modified-epoch": "1507685419", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-09-06T17:17:00", "cvss_created-epoch": "1126027020", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-0777", "summary": "The 
resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.", "cvss": "4.0", "published": "2016-01-14T22:59:01", "modified": "2017-11-21T02:29:02", "published-epoch": "1452812341", "modified-epoch": "1511231342", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-20T15:17:28", "cvss_created-epoch": "1476976648", "cvss2_vector": "AV:N/AC:L/Au:S:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "6.5"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0175", "summary": "Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. 
NOTE: this may be a rediscovery of CVE-2000-0992.", "cvss": "4.3", "published": "2004-08-18T04:00:00", "modified": "2017-10-11T01:29:22", "published-epoch": "1092801600", "modified-epoch": "1507685362", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-2666", "summary": "SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.", "cvss": "1.2", "published": "2005-08-23T04:00:00", "modified": "2017-10-11T01:30:18", "published-epoch": "1124769600", "modified-epoch": "1507685418", "cwe": "CWE-255", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-08-23T18:54:00", "cvss_created-epoch": "1124823240", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-8325", "summary": "The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD 
environment variable.", "cvss": "7.2", "published": "2016-05-01T01:59:00", "modified": "2018-01-05T02:30:20", "published-epoch": "1462067940", "modified-epoch": "1515119420", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-05-05T16:04:05", "cvss_created-epoch": "1462464245", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": false}, {"vuln": {"cve": "CVE-2016-6515", "summary": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.", "cvss": "7.8", "published": "2016-08-07T21:59:09", "modified": "2018-01-05T02:31:06", "published-epoch": "1470607149", "modified-epoch": "1515119466", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-23T12:35:31", "cvss_created-epoch": "1471955731", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0787", "summary": "The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.", "cvss": "7.5", "published": "2003-11-17T05:00:00", "modified": "2008-09-10T19:20:26", "published-epoch": "1069045200", "modified-epoch": "1221074426", "cwe": null, 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-4109", "summary": "A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.", "cvss": "5.0", "published": "2008-09-18T15:04:27", "modified": "2017-08-08T01:32:25", "published-epoch": "1221750267", "modified-epoch": "1502155945", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-09-18T18:12:00", "cvss_created-epoch": "1221761520", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-5051", "summary": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.", "cvss": "9.3", "published": "2006-09-27T23:07:00", "modified": "2017-10-11T01:31:17", "published-epoch": "1159398420", "modified-epoch": "1507685477", "cwe": "CWE-362", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-28T18:30:00", "cvss_created-epoch": "1159468200", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-1908", "summary": "The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.", "cvss": "7.5", "published": "2017-04-11T18:59:00", "modified": "2018-01-05T02:30:35", "published-epoch": "1491937140", "modified-epoch": "1515119435", "cwe": "CWE-254", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-04-17T16:54:15", "cvss_created-epoch": "1492448055", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2014-2532", "summary": "sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.", "cvss": "5.8", "published": "2014-03-18T05:18:19", "modified": "2017-08-29T01:34:31", "published-epoch": "1395119899", "modified-epoch": "1503970471", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-25T17:57:36", "cvss_created-epoch": "1461607056", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss3_score": "4.9"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0639", "summary": "Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.", "cvss": "10.0", "published": "2002-07-03T04:00:00", "modified": "2016-10-18T02:20:55", "published-epoch": "1025668800", "modified-epoch": "1476757255", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-5107", "summary": "The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.", "cvss": "5.0", "published": "2013-03-07T20:55:01", "modified": "2017-09-19T01:31:49", "published-epoch": "1362689701", "modified-epoch": "1505784709", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-24T16:51:15", "cvss_created-epoch": "1466787075", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1483", "summary": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.", "cvss": "6.9", "published": "2008-03-24T23:44:00", "modified": "2017-09-29T01:30:44", "published-epoch": "1206402240", "modified-epoch": "1506648644", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-08T20:41:53", "cvss_created-epoch": "1407530513", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1507", "summary": "OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.", "cvss": "7.5", "published": "2001-12-31T05:00:00", "modified": "2008-09-10T19:10:51", "published-epoch": "1009774800", "modified-epoch": "1221073851", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-09-23T17:23:00", "cvss_created-epoch": "1127496180", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-0361", "summary": 
"Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a \"Bleichenbacher attack\" on PKCS#1 version 1.5.", "cvss": "4.0", "published": "2001-06-27T04:00:00", "modified": "2016-10-18T02:10:45", "published-epoch": "993614400", "modified-epoch": "1476756645", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-3259", "summary": "OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.", "cvss": "1.2", "published": "2008-07-22T16:41:00", "modified": "2017-08-08T01:31:43", "published-epoch": "1216744860", "modified-epoch": "1502155903", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-08T20:52:37", "cvss_created-epoch": "1407531157", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-10010", "summary": "sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via 
unspecified vectors, related to serverloop.c.", "cvss": "6.9", "published": "2017-01-05T02:59:03", "modified": "2017-12-02T02:29:00", "published-epoch": "1483585143", "modified-epoch": "1512181740", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-05T15:14:45", "cvss_created-epoch": "1483629285", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-10012", "summary": "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.", "cvss": "7.2", "published": "2017-01-05T02:59:03", "modified": "2018-01-05T02:30:31", "published-epoch": "1483585143", "modified-epoch": "1515119431", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-05T15:55:40", "cvss_created-epoch": "1483631740", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0575", "summary": "Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.", "cvss": "7.5", "published": 
"2002-06-18T04:00:00", "modified": "2016-10-18T02:20:45", "published-epoch": "1024372800", "modified-epoch": "1476757245", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0525", "summary": "OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.", "cvss": "10.0", "published": "2000-06-08T04:00:00", "modified": "2017-10-10T01:29:10", "published-epoch": "960436800", "modified-epoch": "1507598950", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1382", "summary": "The \"echo simulation\" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.", "cvss": "5.0", "published": "2001-09-27T04:00:00", "modified": "2008-09-05T20:26:24", "published-epoch": "1001563200", "modified-epoch": "1220646384", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", 
"cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-3234", "summary": "sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.", "cvss": "6.5", "published": "2008-07-18T16:41:00", "modified": "2017-09-29T01:31:35", "published-epoch": "1216399260", "modified-epoch": "1506648695", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-08T20:46:44", "cvss_created-epoch": "1407530804", "cvss2_vector": "AV:N/AC:L/Au:S:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-0225", "summary": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.", "cvss": "4.6", "published": "2006-01-25T11:03:00", "modified": "2017-10-11T01:30:36", "published-epoch": "1138186980", "modified-epoch": "1507685436", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-01-25T12:57:00", "cvss_created-epoch": "1138193820", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": 
{"cve": "CVE-2007-3102", "summary": "Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.", "cvss": "4.3", "published": "2007-10-18T20:17:00", "modified": "2017-10-11T01:32:41", "published-epoch": "1192738620", "modified-epoch": "1507685561", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-08T20:40:13", "cvss_created-epoch": "1407530413", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-1169", "summary": "OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.", "cvss": "7.5", "published": "2001-01-09T05:00:00", "modified": "2017-10-10T01:29:31", "published-epoch": "979016400", "modified-epoch": "1507598971", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-10011", "summary": "authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain 
sensitive private-key information by leveraging access to a privilege-separated child process.", "cvss": "2.1", "published": "2017-01-05T02:59:03", "modified": "2018-01-05T02:30:31", "published-epoch": "1483585143", "modified-epoch": "1515119431", "cwe": "CWE-320", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-05T15:09:07", "cvss_created-epoch": "1483628947", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.5"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4478", "summary": "OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.", "cvss": "7.5", "published": "2010-12-06T22:30:31", "modified": "2017-09-19T01:31:46", "published-epoch": "1291674631", "modified-epoch": "1505784706", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-08T20:58:07", "cvss_created-epoch": "1407531487", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-1562", "summary": "sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to 
use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.", "cvss": "7.6", "published": "2003-12-31T05:00:00", "modified": "2008-09-05T04:00:00", "published-epoch": "1072846800", "modified-epoch": "1220587200", "cwe": "CWE-362", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-08-04T18:32:00", "cvss_created-epoch": "1217874720", "cvss2_vector": "AV:N/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-0529", "summary": "OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.", "cvss": "7.2", "published": "2001-08-14T04:00:00", "modified": "2017-10-10T01:29:46", "published-epoch": "997761600", "modified-epoch": "1507598986", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-0572", "summary": "The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the 
lengths of shell commands.", "cvss": "7.5", "published": "2001-08-22T04:00:00", "modified": "2008-09-05T20:24:26", "published-epoch": "998452800", "modified-epoch": "1220646266", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-3115", "summary": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.", "cvss": "5.5", "published": "2016-03-22T10:59:02", "modified": "2018-01-05T02:30:40", "published-epoch": "1458644342", "modified-epoch": "1515119440", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-10T02:20:40", "cvss_created-epoch": "1473474040", "cvss2_vector": "AV:N/AC:L/Au:S:/C:P/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "cvss3_score": "6.4"}, "exact": false}, {"vuln": {"cve": "CVE-2016-0778", "summary": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by 
requesting many forwardings.", "cvss": "4.6", "published": "2016-01-14T22:59:02", "modified": "2017-02-17T02:59:10", "published-epoch": "1452812342", "modified-epoch": "1487300350", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-18T14:36:28", "cvss_created-epoch": "1476801388", "cvss2_vector": "AV:N/AC:H/Au:S:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.1"}, "exact": false}, {"vuln": {"cve": "CVE-2016-10009", "summary": "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.", "cvss": "7.5", "published": "2017-01-05T02:59:00", "modified": "2018-03-16T01:29:00", "published-epoch": "1483585140", "modified-epoch": "1521163740", "cwe": "CWE-426", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-05T02:59:00", "cvss_created-epoch": "1483585140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3_score": "7.3"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4327", "summary": "ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.", "cvss": "2.1", "published": "2014-02-03T03:55:03", "modified": "2014-02-21T18:12:30", "published-epoch": "1391399703", "modified-epoch": "1393006350", 
"cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-02-03T19:43:03", "cvss_created-epoch": "1391456583", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0999", "summary": "Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.", "cvss": "10.0", "published": "2000-12-11T05:00:00", "modified": "2008-09-05T20:22:23", "published-epoch": "976510800", "modified-epoch": "1220646143", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-0816", "summary": "OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.", "cvss": "7.5", "published": "2001-12-06T05:00:00", "modified": "2017-10-10T01:29:53", "published-epoch": "1007614800", "modified-epoch": "1507598993", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1585", "summary": "SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.", "cvss": "6.8", "published": "2001-12-31T05:00:00", "modified": "2017-07-29T01:29:00", "published-epoch": "1009774800", "modified-epoch": "1501291740", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-10-10T14:54:00", "cvss_created-epoch": "1192028040", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-5052", "summary": "Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI \"authentication abort.\"", "cvss": "5.0", "published": "2006-09-27T23:07:00", "modified": "2017-10-11T01:31:18", "published-epoch": "1159398420", "modified-epoch": "1507685478", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-28T18:31:00", "cvss_created-epoch": "1159468260", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": 
"CVE-2004-2069", "summary": "sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).", "cvss": "5.0", "published": "2004-12-31T05:00:00", "modified": "2017-10-11T01:29:46", "published-epoch": "1104469200", "modified-epoch": "1507685386", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-05-25T18:19:00", "cvss_created-epoch": "1117045140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-5794", "summary": "Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. 
NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.", "cvss": "7.5", "published": "2006-11-08T20:07:00", "modified": "2017-10-11T01:31:22", "published-epoch": "1163016420", "modified-epoch": "1507685482", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-11-09T16:22:00", "cvss_created-epoch": "1163089320", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4548", "summary": "The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.", "cvss": "6.0", "published": "2013-11-08T15:55:13", "modified": "2015-11-20T15:59:11", "published-epoch": "1383926113", "modified-epoch": "1448035151", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-20T15:37:20", "cvss_created-epoch": "1448033840", "cvss2_vector": "AV:N/AC:M/Au:S:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-0872", "summary": "OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.", 
"cvss": "7.2", "published": "2001-12-21T05:00:00", "modified": "2016-10-18T02:12:40", "published-epoch": "1008910800", "modified-epoch": "1476756760", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1657", "summary": "OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.", "cvss": "6.5", "published": "2008-04-02T18:44:00", "modified": "2017-08-08T01:30:20", "published-epoch": "1207161840", "modified-epoch": "1502155820", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-04-03T13:14:00", "cvss_created-epoch": "1207228440", "cvss2_vector": "AV:N/AC:L/Au:S:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0992", "summary": "Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. 
(dot dot) attack.", "cvss": "5.0", "published": "2000-12-19T05:00:00", "modified": "2008-09-05T20:22:22", "published-epoch": "977202000", "modified-epoch": "1220646142", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-10708", "summary": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.", "cvss": "5.0", "published": "2018-01-21T22:29:00", "modified": "2018-02-08T13:53:41", "published-epoch": "1516573740", "modified-epoch": "1518098021", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-07T19:09:30", "cvss_created-epoch": "1518030570", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0386", "summary": "OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass \"from=\" and \"user@host\" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.", "cvss": "7.5", "published": "2003-07-02T04:00:00", "modified": "2017-10-11T01:29:09", "published-epoch": "1057118400", 
"modified-epoch": "1507685349", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0695", "summary": "Multiple \"buffer management errors\" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.", "cvss": "7.5", "published": "2003-10-06T04:00:00", "modified": "2016-10-18T02:36:40", "published-epoch": "1065412800", "modified-epoch": "1476758200", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-1653", "summary": "The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.", "cvss": "6.4", "published": "2004-08-31T04:00:00", "modified": "2017-07-11T01:31:13", "published-epoch": "1093924800", "modified-epoch": "1499736673", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": 
"PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-01T00:56:00", "cvss_created-epoch": "1117587360", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-2904", "summary": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.", "cvss": "6.9", "published": "2009-10-01T15:30:00", "modified": "2017-09-19T01:29:20", "published-epoch": "1254411000", "modified-epoch": "1505784560", "cwe": "CWE-16", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-08T20:55:55", "cvss_created-epoch": "1407531355", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0217", "summary": "The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.", "cvss": "5.1", "published": "2000-02-24T05:00:00", "modified": "2008-09-10T19:03:19", "published-epoch": "951368400", "modified-epoch": "1221073399", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": 
"AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4752", "summary": "ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.", "cvss": "7.5", "published": "2007-09-12T01:17:00", "modified": "2017-09-29T01:29:22", "published-epoch": "1189559820", "modified-epoch": "1506648562", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-08T20:37:42", "cvss_created-epoch": "1407530262", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0539", "summary": "The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.", "cvss": "5.0", "published": "2011-02-10T18:00:57", "modified": "2017-08-17T01:33:36", "published-epoch": "1297360857", "modified-epoch": "1502933616", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-08T20:58:59", "cvss_created-epoch": "1407531539", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-5161", 
"summary": "Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.", "cvss": "2.6", "published": "2008-11-19T17:30:00", "modified": "2017-09-29T01:32:29", "published-epoch": "1227115800", "modified-epoch": "1506648749", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-08T20:54:40", "cvss_created-epoch": "1407531280", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-1907", "summary": "The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.", "cvss": "5.0", "published": "2016-01-19T05:59:10", "modified": "2017-02-17T02:59:10", "published-epoch": "1453183150", "modified-epoch": "1487300350", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-04T14:55:34", "cvss_created-epoch": "1457103334", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3_score": "5.3"}, "exact": false}, {"vuln": {"cve": "CVE-2014-2653", "summary": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.", "cvss": "5.8", "published": "2014-03-27T10:55:04", "modified": "2017-01-07T02:59:49", "published-epoch": "1395917704", "modified-epoch": "1483757989", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-10-21T14:13:51", "cvss_created-epoch": "1445436831", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4654", "summary": "Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.", "cvss": "5.0", "published": "2007-09-04T22:17:00", "modified": "2017-07-29T01:33:05", "published-epoch": "1188944220", "modified-epoch": "1501291985", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-09-05T13:27:00", "cvss_created-epoch": "1188998820", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": 
"0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-9278", "summary": "The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.", "cvss": "4.0", "published": "2014-12-06T15:59:07", "modified": "2017-09-08T01:29:33", "published-epoch": "1417881547", "modified-epoch": "1504834173", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-12-23T17:24:57", "cvss_created-epoch": "1419355497", "cvss2_vector": "AV:N/AC:L/Au:S:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0682", "summary": "\"Memory bugs\" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.", "cvss": "7.5", "published": "2003-10-06T04:00:00", "modified": "2016-10-18T02:36:31", "published-epoch": "1065412800", "modified-epoch": "1476758191", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-6210", "summary": "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which 
allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.", "cvss": "4.3", "published": "2017-02-13T17:59:00", "modified": "2018-01-05T02:31:04", "published-epoch": "1487008740", "modified-epoch": "1515119464", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-09T16:20:57", "cvss_created-epoch": "1489076457", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": false}, {"vuln": {"cve": "CVE-2017-15906", "summary": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.", "cvss": "5.0", "published": "2017-10-26T03:29:00", "modified": "2018-02-01T02:29:00", "published-epoch": "1508988540", "modified-epoch": "1517452140", "cwe": "CWE-275", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-15T14:26:17", "cvss_created-epoch": "1510755977", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3_score": "5.3"}, "exact": false}, {"vuln": {"cve": "CVE-2011-5000", "summary": "The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. 
NOTE: there may be limited scenarios in which this issue is relevant.", "cvss": "3.5", "published": "2012-04-05T14:55:03", "modified": "2012-07-22T03:33:00", "published-epoch": "1333637703", "modified-epoch": "1342927980", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-04-05T16:32:00", "cvss_created-epoch": "1333643520", "cvss2_vector": "AV:N/AC:M/Au:S:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0765", "summary": "sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.", "cvss": "7.5", "published": "2002-08-12T04:00:00", "modified": "2008-09-10T19:12:51", "published-epoch": "1029124800", "modified-epoch": "1221073971", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-1692", "summary": "The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.", "cvss": "7.5", "published": "2014-01-29T16:02:05", "modified": "2017-08-29T01:34:27", "published-epoch": "1391011325", 
"modified-epoch": "1503970467", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-20T15:40:32", "cvss_created-epoch": "1448034032", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0143", "summary": "The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.", "cvss": "4.6", "published": "2000-02-11T05:00:00", "modified": "2008-09-10T19:03:06", "published-epoch": "950245200", "modified-epoch": "1221073386", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0693", "summary": "A \"buffer management error\" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.", "cvss": "10.0", "published": "2003-09-22T04:00:00", "modified": "2017-07-11T01:29:35", "published-epoch": "1064203200", "modified-epoch": "1499736575", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", 
"cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1380", "summary": "OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the \"from\" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.", "cvss": "7.5", "published": "2001-10-18T04:00:00", "modified": "2016-10-18T02:14:47", "published-epoch": "1003377600", "modified-epoch": "1476756887", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0083", "summary": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.", "cvss": "10.0", "published": "2002-03-15T05:00:00", "modified": "2016-10-18T02:16:01", "published-epoch": "1016168400", "modified-epoch": "1476756961", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-2243", "summary": 
"OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.", "cvss": "5.0", "published": "2007-04-25T16:19:00", "modified": "2017-07-29T01:31:19", "published-epoch": "1177517940", "modified-epoch": "1501291879", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-04-26T13:16:00", "cvss_created-epoch": "1177593360", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0786", "summary": "The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.", "cvss": "10.0", "published": "2003-11-17T05:00:00", "modified": "2008-09-10T19:20:26", "published-epoch": "1069045200", "modified-epoch": "1221074426", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-8858", "summary": "** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate 
KEXINIT requests. NOTE: a third party reports that \"OpenSSH upstream does not consider this as a security issue.\"", "cvss": "7.8", "published": "2016-12-09T11:59:00", "modified": "2018-02-04T02:29:02", "published-epoch": "1481284740", "modified-epoch": "1517711342", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-09T16:31:55", "cvss_created-epoch": "1481301115", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0190", "summary": "OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.", "cvss": "5.0", "published": "2003-05-12T04:00:00", "modified": "2017-10-11T01:29:06", "published-epoch": "1052712000", "modified-epoch": "1507685346", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-0883", "summary": "OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.", "cvss": 
"5.0", "published": "2006-03-07T02:02:00", "modified": "2017-07-20T01:30:09", "published-epoch": "1141696920", "modified-epoch": "1500514209", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-03-08T12:51:00", "cvss_created-epoch": "1141822260", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["protocol", "server"], "homepage": "https://www.openssh.com/", "upstream-source": "https://www.mirrorservice.org/pub/OpenBSD/OpenSSH/portable/openssh-7.6p1.tar.gz", "latest-version": "7.6p1", "short_version": "6.6p1-2ubuntu2", "latest_cmp": false, "url": "https://www.mirrorservice.org/pub/OpenBSD/OpenSSH/portable/openssh-7.6p1.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9923430321592649, "sha1": "f1e10adb2ad3dfb26c2fb3d8b029c6941c8b2841", "name": "libssl.so.1.0.0", "timestamp": 1426778195, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libssl.so.1.0.0"], "type": "native", "source-match": "libssl"}, {"confidence": 0.9879019420566698, "sha1": "e723986110a13044f837731d9afe1e0c80428a0a", "name": "libcrypto.so.1.0.0", "timestamp": 1426778195, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libcrypto.so.1.0.0"], "type": "native"}], "objects": ["libssl.so.1.0.0", "libcrypto.so.1.0.0"], "version": "1.0.1f-1ubuntu2.11", "lib": "openssl", "distro_version": "1.0.1f-1ubuntu2.11", "distro": "ubuntu", "cpe": 
["cpe:/a:openssl:openssl:1.0.1f-1ubuntu2.11"], "latest_version": "1.1.0g", "vuln-count": {"total": 186, "exact": 38, "historical": 148}, "vulns": [{"vuln": {"cve": "CVE-2014-0160", "summary": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.", "cvss": "5.0", "published": "2014-04-07T22:55:03", "modified": "2017-12-16T02:29:03", "published-epoch": "1396911303", "modified-epoch": "1513391343", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-10-21T14:03:47", "cvss_created-epoch": "1445436227", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-0195", "summary": "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.", "cvss": "6.8", "published": "2014-06-05T21:55:06", "modified": "2017-11-15T02:29:02", "published-epoch": "1402005306", "modified-epoch": "1510712942", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T15:53:12", "cvss_created-epoch": "1467993192", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-0198", "summary": "The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.", "cvss": "4.3", "published": "2014-05-06T10:44:05", "modified": "2017-11-15T02:29:02", "published-epoch": "1399373045", "modified-epoch": "1510712942", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T15:52:41", "cvss_created-epoch": "1467993161", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-0221", "summary": "The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.", "cvss": "4.3", "published": "2014-06-05T21:55:06", 
"modified": "2017-11-15T02:29:03", "published-epoch": "1402005306", "modified-epoch": "1510712943", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T15:52:12", "cvss_created-epoch": "1467993132", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-0224", "summary": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", "cvss": "6.8", "published": "2014-06-05T21:55:07", "modified": "2017-10-20T01:29:02", "published-epoch": "1402005307", "modified-epoch": "1508462942", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T15:51:38", "cvss_created-epoch": "1467993098", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-6302", "summary": "The tls_decrypt_ticket function 
in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.", "cvss": "5.0", "published": "2016-09-16T05:59:12", "modified": "2018-01-18T18:18:06", "published-epoch": "1474005552", "modified-epoch": "1516299486", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-23T18:05:05", "cvss_created-epoch": "1487873105", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 176, "vuln_id": "CVE-2016-6302", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.501139", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-6303", "summary": "Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.", "cvss": "7.5", "published": "2016-09-16T05:59:13", "modified": "2018-01-18T18:18:06", "published-epoch": "1474005553", "modified-epoch": "1516299486", "cwe": "CWE-787", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-23T17:35:14", "cvss_created-epoch": "1487871314", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 169, "vuln_id": "CVE-2016-6303", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.353434", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-6304", "summary": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.", "cvss": "7.8", "published": "2016-09-26T19:59:00", "modified": "2018-01-18T18:18:06", "published-epoch": "1474919940", "modified-epoch": "1516299486", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-12T19:33:03", "cvss_created-epoch": "1476300783", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 166, "vuln_id": "CVE-2016-6304", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.289209", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-6306", "summary": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.", "cvss": 
"4.3", "published": "2016-09-26T19:59:02", "modified": "2018-01-18T18:18:06", "published-epoch": "1474919942", "modified-epoch": "1516299486", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-18T14:52:54", "cvss_created-epoch": "1476802374", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 188, "vuln_id": "CVE-2016-6306", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.780175", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2014-3470", "summary": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.", "cvss": "4.3", "published": "2014-06-05T21:55:07", "modified": "2017-11-15T02:29:04", "published-epoch": "1402005307", "modified-epoch": "1510712944", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T15:47:51", "cvss_created-epoch": "1467992871", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": 
"Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3505", "summary": "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.", "cvss": "5.0", "published": "2014-08-13T23:55:07", "modified": "2017-01-07T03:00:02", "published-epoch": "1407974107", "modified-epoch": "1483758002", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-14T14:26:32", "cvss_created-epoch": "1408026392", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3506", "summary": "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.", "cvss": "5.0", "published": "2014-08-13T23:55:07", "modified": "2017-08-29T01:34:46", "published-epoch": "1407974107", "modified-epoch": "1503970486", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-14T14:33:07", "cvss_created-epoch": 
"1408026787", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3507", "summary": "Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.", "cvss": "5.0", "published": "2014-08-13T23:55:07", "modified": "2017-08-29T01:34:46", "published-epoch": "1407974107", "modified-epoch": "1503970486", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-14T14:33:52", "cvss_created-epoch": "1408026832", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3508", "summary": "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.", "cvss": "4.3", "published": "2014-08-13T23:55:07", "modified": "2017-11-15T02:29:04", "published-epoch": "1407974107", "modified-epoch": 
"1510712944", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-14T14:49:47", "cvss_created-epoch": "1408027787", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3509", "summary": "Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.", "cvss": "6.8", "published": "2014-08-13T23:55:07", "modified": "2017-11-15T02:29:04", "published-epoch": "1407974107", "modified-epoch": "1510712944", "cwe": "CWE-362", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-14T15:17:21", "cvss_created-epoch": "1408029441", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3510", "summary": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 
before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.", "cvss": "4.3", "published": "2014-08-13T23:55:07", "modified": "2017-08-29T01:34:46", "published-epoch": "1407974107", "modified-epoch": "1503970486", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-14T14:37:31", "cvss_created-epoch": "1408027051", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3511", "summary": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue.", "cvss": "4.3", "published": "2014-08-13T23:55:07", "modified": "2017-11-15T02:29:04", "published-epoch": "1407974107", "modified-epoch": "1510712944", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-14T15:19:30", "cvss_created-epoch": "1408029570", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", 
"reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3512", "summary": "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.", "cvss": "7.5", "published": "2014-08-13T23:55:07", "modified": "2017-08-29T01:34:46", "published-epoch": "1407974107", "modified-epoch": "1503970486", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-14T15:19:47", "cvss_created-epoch": "1408029587", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3513", "summary": "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.", "cvss": "7.1", "published": "2014-10-19T01:55:13", "modified": "2017-01-03T02:59:03", "published-epoch": "1413683713", "modified-epoch": "1483412343", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T16:16:07", "cvss_created-epoch": "1467994567", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, 
"cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3566", "summary": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.", "cvss": "4.3", "published": "2014-10-15T00:55:00", "modified": "2018-02-21T15:35:00", "published-epoch": "1413334500", "modified-epoch": "1519227300", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-10-15T00:55:00", "cvss_created-epoch": "1413334500", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "cvss3_score": "6.8"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3567", "summary": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.", "cvss": "7.1", "published": "2014-10-19T01:55:13", "modified": "2017-11-15T02:29:04", "published-epoch": "1413683713", "modified-epoch": "1510712944", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2016-07-08T15:45:10", "cvss_created-epoch": "1467992710", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3568", "summary": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.", "cvss": "4.3", "published": "2014-10-19T01:55:13", "modified": "2017-11-15T02:29:04", "published-epoch": "1413683713", "modified-epoch": "1510712944", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T16:16:06", "cvss_created-epoch": "1467994566", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3570", "summary": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.", "cvss": "5.0", "published": "2015-01-09T02:59:00", "modified": "2017-11-15T02:29:05", "published-epoch": "1420772340", "modified-epoch": "1510712945", "cwe": "CWE-310", 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-01-09T14:06:15", "cvss_created-epoch": "1420812375", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3571", "summary": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.", "cvss": "5.0", "published": "2015-01-09T02:59:01", "modified": "2017-10-20T01:29:03", "published-epoch": "1420772341", "modified-epoch": "1508462943", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T15:31:12", "cvss_created-epoch": "1467127872", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-3572", "summary": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH 
downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", "cvss": "5.0", "published": "2015-01-09T02:59:02", "modified": "2017-11-15T02:29:05", "published-epoch": "1420772342", "modified-epoch": "1510712945", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-04T13:45:40", "cvss_created-epoch": "1470318340", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2017-3735", "summary": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. 
This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.", "cvss": "5.0", "published": "2017-08-28T19:29:00", "modified": "2018-02-14T02:29:00", "published-epoch": "1503948540", "modified-epoch": "1518575340", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-28T19:29:00", "cvss_created-epoch": "1503948540", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3_score": "5.3"}, "exact": true, "triage": [{"id": 175, "vuln_id": "CVE-2017-3735", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.480481", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2010-5298", "summary": "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.", "cvss": "4.0", "published": "2014-04-14T22:38:08", "modified": "2017-11-15T02:29:00", "published-epoch": "1397515088", "modified-epoch": "1510712940", "cwe": "CWE-362", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-26T17:26:50", "cvss_created-epoch": "1485451610", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, 
"cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-5139", "summary": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.", "cvss": "4.3", "published": "2014-08-13T23:55:07", "modified": "2017-01-07T03:00:26", "published-epoch": "1407974107", "modified-epoch": "1483758026", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-08-14T11:30:14", "cvss_created-epoch": "1408015814", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-8176", "summary": "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.", "cvss": "7.5", "published": "2015-06-12T19:59:00", "modified": "2018-01-05T02:29:54", "published-epoch": "1434139140", "modified-epoch": "1515119394", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-24T15:02:30", "cvss_created-epoch": "1472050950", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 172, "vuln_id": "CVE-2014-8176", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.413980", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2014-8275", "summary": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.", "cvss": "5.0", "published": "2015-01-09T02:59:09", "modified": "2017-11-15T02:29:05", "published-epoch": "1420772349", "modified-epoch": "1510712945", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-04T13:45:39", "cvss_created-epoch": "1470318339", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0204", "summary": 
"The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", "cvss": "4.3", "published": "2015-01-09T02:59:10", "modified": "2017-11-15T02:29:05", "published-epoch": "1420772350", "modified-epoch": "1510712945", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-03-25T21:11:32", "cvss_created-epoch": "1427317892", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0205", "summary": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", "cvss": "5.0", "published": "2015-01-09T02:59:11", "modified": "2017-11-15T02:29:05", "published-epoch": "1420772351", "modified-epoch": "1510712945", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", 
"cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-01-09T15:32:20", "cvss_created-epoch": "1420817540", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0206", "summary": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.", "cvss": "5.0", "published": "2015-01-09T02:59:12", "modified": "2017-10-20T01:29:04", "published-epoch": "1420772352", "modified-epoch": "1508462944", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-01-09T15:38:16", "cvss_created-epoch": "1420817896", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0209", "summary": "Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.", 
"cvss": "6.8", "published": "2015-03-19T22:59:02", "modified": "2018-01-05T02:29:58", "published-epoch": "1426805942", "modified-epoch": "1515119398", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-03-20T13:41:49", "cvss_created-epoch": "1426858909", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0286", "summary": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.", "cvss": "5.0", "published": "2015-03-19T22:59:04", "modified": "2018-01-05T02:29:59", "published-epoch": "1426805944", "modified-epoch": "1515119399", "cwe": "CWE-17", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T15:31:11", "cvss_created-epoch": "1467127871", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0287", 
"summary": "The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.", "cvss": "5.0", "published": "2015-03-19T22:59:05", "modified": "2017-11-15T02:29:06", "published-epoch": "1426805945", "modified-epoch": "1510712946", "cwe": "CWE-17", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-03-20T14:11:36", "cvss_created-epoch": "1426860696", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0288", "summary": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.", "cvss": "5.0", "published": "2015-03-19T22:59:06", "modified": "2017-11-15T02:29:06", "published-epoch": "1426805946", "modified-epoch": "1510712946", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-03-20T14:16:50", "cvss_created-epoch": "1426861010", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0289", "summary": "The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.", "cvss": "5.0", "published": "2015-03-19T22:59:07", "modified": "2017-10-20T01:29:05", "published-epoch": "1426805947", "modified-epoch": "1508462945", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-07-22T17:01:06", "cvss_created-epoch": "1437584466", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0292", "summary": "Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.", "cvss": "7.5", "published": "2015-03-19T22:59:10", "modified": "2017-11-15T02:29:06", 
"published-epoch": "1426805950", "modified-epoch": "1510712946", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-03-20T14:07:48", "cvss_created-epoch": "1426860468", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-0293", "summary": "The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.", "cvss": "5.0", "published": "2015-03-19T22:59:11", "modified": "2018-01-18T18:18:01", "published-epoch": "1426805951", "modified-epoch": "1516299481", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-03-20T14:00:30", "cvss_created-epoch": "1426860030", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-1788", "summary": "The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a 
malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.", "cvss": "4.3", "published": "2015-06-12T19:59:01", "modified": "2017-11-15T02:29:06", "published-epoch": "1434139141", "modified-epoch": "1510712946", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-01T17:05:30", "cvss_created-epoch": "1478019930", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 195, "vuln_id": "CVE-2015-1788", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.925855", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2015-1789", "summary": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", "cvss": "4.3", "published": "2015-06-12T19:59:02", "modified": "2017-11-15T02:29:06", "published-epoch": "1434139142", "modified-epoch": "1510712946", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", 
"cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-01T17:05:30", "cvss_created-epoch": "1478019930", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 194, "vuln_id": "CVE-2015-1789", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.906706", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2015-1790", "summary": "The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.", "cvss": "5.0", "published": "2015-06-12T19:59:03", "modified": "2017-10-20T01:29:06", "published-epoch": "1434139143", "modified-epoch": "1508462946", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-01T17:05:31", "cvss_created-epoch": "1478019931", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 187, "vuln_id": "CVE-2015-1790", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.756787", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2015-1791", 
"summary": "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.", "cvss": "6.8", "published": "2015-06-12T19:59:04", "modified": "2017-11-15T02:29:06", "published-epoch": "1434139144", "modified-epoch": "1510712946", "cwe": "CWE-362", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-06-15T15:28:25", "cvss_created-epoch": "1434382105", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 173, "vuln_id": "CVE-2015-1791", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.433483", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2015-1792", "summary": "The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.", "cvss": "5.0", "published": "2015-06-12T19:59:05", "modified": "2017-11-15T02:29:06", "published-epoch": "1434139145", "modified-epoch": "1510712946", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-06-15T15:19:23", "cvss_created-epoch": "1434381563", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 186, "vuln_id": "CVE-2015-1792", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.732088", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2015-3194", "summary": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.", "cvss": "5.0", "published": "2015-12-06T20:59:04", "modified": "2018-01-05T02:30:05", "published-epoch": "1449435544", "modified-epoch": "1515119405", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-08T14:24:16", "cvss_created-epoch": "1465395856", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 185, "vuln_id": "CVE-2015-3194", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.711815", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", 
"username": "d054628"}}]}, {"vuln": {"cve": "CVE-2015-3195", "summary": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.", "cvss": "5.0", "published": "2015-12-06T20:59:05", "modified": "2018-01-18T18:18:01", "published-epoch": "1449435545", "modified-epoch": "1516299481", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-29T16:13:45", "cvss_created-epoch": "1467216825", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3_score": "5.3"}, "exact": true, "triage": [{"id": 184, "vuln_id": "CVE-2015-3195", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.682516", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2015-3196", "summary": "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.", "cvss": "4.3", "published": "2015-12-06T20:59:06", "modified": "2018-01-05T02:30:05", "published-epoch": "1449435546", "modified-epoch": "1515119405", "cwe": "CWE-362", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-25T15:30:46", "cvss_created-epoch": "1472139046", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 193, "vuln_id": "CVE-2015-3196", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.887949", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2015-3197", "summary": "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.", "cvss": "4.3", "published": "2016-02-15T02:59:01", "modified": "2017-11-21T02:29:00", "published-epoch": "1455505141", "modified-epoch": "1511231340", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-22T14:09:23", "cvss_created-epoch": "1461334163", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 192, "vuln_id": "CVE-2015-3197", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.867117", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 
33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-0702", "summary": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.", "cvss": "1.9", "published": "2016-03-03T20:59:00", "modified": "2018-01-05T02:30:28", "published-epoch": "1457038740", "modified-epoch": "1515119428", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:05", "cvss_created-epoch": "1482935825", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.1"}, "exact": true, "triage": [{"id": 199, "vuln_id": "CVE-2016-0702", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:28.008453", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-0703", "summary": "The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a 
related issue to CVE-2016-0800.", "cvss": "4.3", "published": "2016-03-02T11:59:00", "modified": "2018-01-18T18:18:03", "published-epoch": "1456919940", "modified-epoch": "1516299483", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:05", "cvss_created-epoch": "1482935825", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 190, "vuln_id": "CVE-2016-0703", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.827242", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-0704", "summary": "An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.", "cvss": "4.3", "published": "2016-03-02T11:59:01", "modified": "2018-01-18T18:18:03", "published-epoch": "1456919941", "modified-epoch": "1516299483", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:05", "cvss_created-epoch": "1482935825", 
"cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 189, "vuln_id": "CVE-2016-0704", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.803928", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-0705", "summary": "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.", "cvss": "10.0", "published": "2016-03-03T20:59:00", "modified": "2018-01-05T02:30:29", "published-epoch": "1457038740", "modified-epoch": "1515119429", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:06", "cvss_created-epoch": "1482935826", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 165, "vuln_id": "CVE-2016-0705", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.266844", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-0797", "summary": "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory 
corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.", "cvss": "5.0", "published": "2016-03-03T20:59:01", "modified": "2018-01-05T02:30:30", "published-epoch": "1457038741", "modified-epoch": "1515119430", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:06", "cvss_created-epoch": "1482935826", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 183, "vuln_id": "CVE-2016-0797", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.661135", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-0798", "summary": "Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.", "cvss": "7.8", "published": "2016-03-03T20:59:02", "modified": "2017-11-21T02:29:02", "published-epoch": "1457038742", "modified-epoch": "1511231342", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:06", 
"cvss_created-epoch": "1482935826", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 168, "vuln_id": "CVE-2016-0798", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.332801", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-0799", "summary": "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.", "cvss": "10.0", "published": "2016-03-03T20:59:03", "modified": "2018-01-05T02:30:30", "published-epoch": "1457038743", "modified-epoch": "1515119430", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:06", "cvss_created-epoch": "1482935826", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 164, "vuln_id": "CVE-2016-0799", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.240810", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-0800", "summary": "The 
SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.", "cvss": "4.3", "published": "2016-03-01T20:59:00", "modified": "2018-01-18T18:18:03", "published-epoch": "1456865940", "modified-epoch": "1516299483", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:07", "cvss_created-epoch": "1482935827", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 191, "vuln_id": "CVE-2016-0800", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.847718", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2177", "summary": "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.", "cvss": "7.5", "published": "2016-06-20T01:59:02", "modified": "2018-01-18T18:18:04", "published-epoch": "1466387942", "modified-epoch": "1516299484", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-23T19:40:37", "cvss_created-epoch": "1487878837", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 171, "vuln_id": "CVE-2016-2177", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.393865", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2178", "summary": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.", "cvss": "2.1", "published": "2016-06-20T01:59:03", "modified": "2018-01-18T18:18:05", "published-epoch": "1466387943", "modified-epoch": "1516299485", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-23T19:33:01", "cvss_created-epoch": "1487878381", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.5"}, "exact": true, "triage": [{"id": 198, "vuln_id": "CVE-2016-2178", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.986468", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": 
{"cve": "CVE-2016-2179", "summary": "The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.", "cvss": "5.0", "published": "2016-09-16T05:59:00", "modified": "2018-01-18T18:18:05", "published-epoch": "1474005540", "modified-epoch": "1516299485", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-23T19:04:14", "cvss_created-epoch": "1487876654", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 178, "vuln_id": "CVE-2016-2179", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.546875", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2180", "summary": "The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command.", "cvss": "5.0", "published": "2016-08-01T02:59:11", "modified": "2018-01-18T18:18:05", "published-epoch": "1470020351", "modified-epoch": "1516299485", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-23T18:37:55", "cvss_created-epoch": "1487875075", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 180, "vuln_id": "CVE-2016-2180", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.589664", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2181", "summary": "The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.", "cvss": "5.0", "published": "2016-09-16T05:59:01", "modified": "2018-01-18T18:18:05", "published-epoch": "1474005541", "modified-epoch": "1516299485", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-23T18:28:32", "cvss_created-epoch": "1487874512", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 177, "vuln_id": "CVE-2016-2181", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.522556", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, 
"email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2182", "summary": "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.", "cvss": "7.5", "published": "2016-09-16T05:59:02", "modified": "2018-01-18T18:18:05", "published-epoch": "1474005542", "modified-epoch": "1516299485", "cwe": "CWE-787", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-23T18:21:47", "cvss_created-epoch": "1487874107", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 170, "vuln_id": "CVE-2016-2182", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.374370", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2183", "summary": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", "cvss": "5.0", "published": "2016-09-01T00:59:00", "modified": "2018-02-21T15:38:00", "published-epoch": "1472691540", "modified-epoch": 
"1519227480", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-01T00:59:00", "cvss_created-epoch": "1472691540", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 179, "vuln_id": "CVE-2016-2183", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.569450", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2842", "summary": "The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.", "cvss": "10.0", "published": "2016-03-03T20:59:04", "modified": "2018-01-05T02:30:39", "published-epoch": "1457038744", "modified-epoch": "1515119439", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-26T17:05:10", "cvss_created-epoch": "1485450310", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 163, "vuln_id": 
"CVE-2016-2842", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.216725", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2015-4000", "summary": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", "cvss": "4.3", "published": "2015-05-21T00:59:00", "modified": "2018-01-05T02:30:07", "published-epoch": "1432169940", "modified-epoch": "1515119407", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-20T14:18:05", "cvss_created-epoch": "1476973085", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3_score": "3.7"}, "exact": true, "triage": [{"id": 196, "vuln_id": "CVE-2015-4000", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.945008", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2105", "summary": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary 
data.", "cvss": "5.0", "published": "2016-05-05T01:59:01", "modified": "2018-01-18T18:18:03", "published-epoch": "1462413541", "modified-epoch": "1516299483", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:12", "cvss_created-epoch": "1482935832", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 182, "vuln_id": "CVE-2016-2105", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.631948", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2106", "summary": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.", "cvss": "5.0", "published": "2016-05-05T01:59:02", "modified": "2018-01-18T18:18:04", "published-epoch": "1462413542", "modified-epoch": "1516299484", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:13", "cvss_created-epoch": "1482935833", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 181, "vuln_id": "CVE-2016-2106", "component": "openssl", "vendor": null, "codetype": 
"NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.611403", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2107", "summary": "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.", "cvss": "2.6", "published": "2016-05-05T01:59:03", "modified": "2018-01-18T18:18:04", "published-epoch": "1462413543", "modified-epoch": "1516299484", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:13", "cvss_created-epoch": "1482935833", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 197, "vuln_id": "CVE-2016-2107", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.963434", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2108", "summary": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.", "cvss": "10.0", "published": "2016-05-05T01:59:04", 
"modified": "2018-01-05T02:30:36", "published-epoch": "1462413544", "modified-epoch": "1515119436", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:14", "cvss_created-epoch": "1482935834", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 162, "vuln_id": "CVE-2016-2108", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.152440", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2109", "summary": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.", "cvss": "7.8", "published": "2016-05-05T01:59:05", "modified": "2018-01-18T18:18:04", "published-epoch": "1462413545", "modified-epoch": "1516299484", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:14", "cvss_created-epoch": "1482935834", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 167, "vuln_id": "CVE-2016-2109", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", 
"modified": "2018-03-22T10:31:27.310476", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2016-2176", "summary": "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.", "cvss": "6.4", "published": "2016-05-05T01:59:06", "modified": "2017-11-10T02:29:08", "published-epoch": "1462413546", "modified-epoch": "1510280948", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:14", "cvss_created-epoch": "1482935834", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "cvss3_score": "8.2"}, "exact": true, "triage": [{"id": 174, "vuln_id": "CVE-2016-2176", "component": "openssl", "vendor": null, "codetype": "NA", "version": "1.0.1f-1ubuntu2.11", "modified": "2018-03-22T10:31:27.453188", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 33, "email": "s.merk@sap.com", "firstname": "Sven", "lastname": "Merk", "username": "d054628"}}]}, {"vuln": {"cve": "CVE-2008-0891", "summary": "Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. 
NOTE: some of these details are obtained from third party information.", "cvss": "4.3", "published": "2008-05-29T16:32:00", "modified": "2017-08-08T01:29:45", "published-epoch": "1212078720", "modified-epoch": "1502155785", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-05-30T00:38:00", "cvss_created-epoch": "1212107880", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-4343", "summary": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.", "cvss": "4.3", "published": "2006-09-28T18:07:00", "modified": "2017-10-11T01:31:12", "published-epoch": "1159466820", "modified-epoch": "1507685472", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-10-02T11:51:00", "cvss_created-epoch": "1159789860", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1378", "summary": "Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka \"DTLS fragment handling memory leak.\"", "cvss": "5.0", 
"published": "2009-05-19T19:30:00", "modified": "2017-09-29T01:34:20", "published-epoch": "1242761400", "modified-epoch": "1506648860", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-05-20T12:04:00", "cvss_created-epoch": "1242821040", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1387", "summary": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\"", "cvss": "5.0", "published": "2009-06-04T16:30:00", "modified": "2017-09-29T01:34:21", "published-epoch": "1244133000", "modified-epoch": "1506648861", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-06-04T18:42:00", "cvss_created-epoch": "1244140920", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-7055", "summary": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. 
Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.", "cvss": "2.6", "published": "2017-05-04T20:29:00", "modified": "2018-01-18T18:18:07", "published-epoch": "1493929740", "modified-epoch": "1516299487", "cwe": "CWE-320", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-17T17:03:36", "cvss_created-epoch": "1495040616", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0131", "summary": "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\"", "cvss": "7.5", "published": "2003-03-24T05:00:00", "modified": "2017-07-11T01:29:27", "published-epoch": "1048482000", "modified-epoch": "1499736567", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-3193", "summary": "The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.", "cvss": "5.0", "published": "2015-12-06T20:59:02", "modified": "2017-11-30T02:29:01", "published-epoch": "1449435542", "modified-epoch": "1512008941", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-12-07T17:32:36", "cvss_created-epoch": "1449509556", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-2946", "summary": "The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.", "cvss": "5.0", "published": "2005-09-16T22:03:00", "modified": "2009-01-07T05:00:00", "published-epoch": "1126908180", "modified-epoch": "1231304400", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": 
"NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-09-17T00:46:00", "cvss_created-epoch": "1126917960", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-3864", "summary": "Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.", "cvss": "7.6", "published": "2010-11-17T16:00:01", "modified": "2016-08-23T02:02:19", "published-epoch": "1290009601", "modified-epoch": "1471917739", "cwe": "CWE-362", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-11-18T14:16:00", "cvss_created-epoch": "1290089760", "cvss2_vector": "AV:N/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0975", "summary": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.", "cvss": "2.1", "published": "2005-02-09T05:00:00", "modified": "2017-10-11T01:29:39", "published-epoch": "1107925200", "modified-epoch": "1507685379", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-3555", "summary": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "cvss": "5.8", "published": "2009-11-09T17:30:00", "modified": "2017-09-19T01:29:40", "published-epoch": "1257787800", "modified-epoch": "1505784580", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-11-10T13:40:00", "cvss_created-epoch": "1257860400", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-1254", "summary": "crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.", "cvss": "5.0", "published": "2016-05-05T01:59:00", "modified": "2017-02-02T02:59:00", "published-epoch": 
"1462413540", "modified-epoch": "1486004340", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-05-06T18:20:53", "cvss_created-epoch": "1462558853", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0742", "summary": "The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.", "cvss": "7.5", "published": "2010-06-03T14:30:01", "modified": "2017-09-19T01:30:29", "published-epoch": "1275575401", "modified-epoch": "1505784629", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-06-04T13:43:00", "cvss_created-epoch": "1275658980", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-7270", "summary": "OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.", "cvss": "4.3", "published": "2010-12-06T22:30:31", "modified": 
"2012-04-06T03:07:51", "published-epoch": "1291674631", "modified-epoch": "1333681671", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-12-07T20:57:00", "cvss_created-epoch": "1291755420", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0655", "summary": "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.", "cvss": "7.5", "published": "2002-08-12T04:00:00", "modified": "2008-09-10T19:12:39", "published-epoch": "1029124800", "modified-epoch": "1221073959", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1386", "summary": "ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.", "cvss": "5.0", "published": "2009-06-04T16:30:00", "modified": "2017-09-29T01:34:21", "published-epoch": "1244133000", "modified-epoch": "1506648861", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", 
"cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-06-04T18:25:00", "cvss_created-epoch": "1244139900", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-3738", "summary": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.", "cvss": "10.0", "published": "2006-09-28T18:07:00", "modified": "2017-10-11T01:31:06", "published-epoch": "1159466820", "modified-epoch": "1507685466", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-10-02T11:50:00", "cvss_created-epoch": "1159789800", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-5077", "summary": "OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.", "cvss": "5.8", "published": "2009-01-07T17:30:00", "modified": "2017-09-29T01:32:28", "published-epoch": "1231349400", "modified-epoch": "1506648748", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-01-07T19:40:00", "cvss_created-epoch": "1231357200", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, 
"exact": false}, {"vuln": {"cve": "CVE-2004-0081", "summary": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.", "cvss": "5.0", "published": "2004-11-23T05:00:00", "modified": "2017-10-11T01:29:20", "published-epoch": "1101186000", "modified-epoch": "1507685360", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-7053", "summary": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. 
Only CHOICE structures using a callback which do not handle NULL value are affected.", "cvss": "5.0", "published": "2017-05-04T19:29:00", "modified": "2017-07-28T01:29:02", "published-epoch": "1493926140", "modified-epoch": "1501205342", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-12T14:38:28", "cvss_created-epoch": "1494599908", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3731", "summary": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. 
For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.", "cvss": "5.0", "published": "2017-05-04T19:29:00", "modified": "2018-02-14T02:29:00", "published-epoch": "1493926140", "modified-epoch": "1518575340", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-04T19:29:00", "cvss_created-epoch": "1493926140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0656", "summary": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.", "cvss": "7.5", "published": "2002-08-12T04:00:00", "modified": "2008-09-10T19:12:40", "published-epoch": "1029124800", "modified-epoch": "1221073960", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3732", "summary": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. 
Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", "cvss": "4.3", "published": "2017-05-04T19:29:00", "modified": "2018-02-14T02:29:00", "published-epoch": "1493926140", "modified-epoch": "1518575340", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-04T19:29:00", "cvss_created-epoch": "1493926140", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4109", "summary": "Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.", "cvss": "9.3", "published": "2012-01-06T01:55:00", "modified": "2017-08-29T01:30:27", "published-epoch": "1325814900", "modified-epoch": "1503970227", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2012-01-06T13:32:00", "cvss_created-epoch": "1325856720", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-6449", "summary": "The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.", "cvss": "4.3", "published": "2013-12-23T22:55:03", "modified": "2017-01-07T02:59:13", "published-epoch": "1387839303", "modified-epoch": "1483757953", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T15:57:54", "cvss_created-epoch": "1467993474", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-5536", "summary": "Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.", "cvss": "4.9", "published": "2007-10-18T00:17:00", "modified": "2017-09-29T01:29:38", "published-epoch": "1192666620", "modified-epoch": "1506648578", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-10-19T01:32:00", "cvss_created-epoch": "1192757520", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-1568", "summary": "OpenSSL 0.9.6e uses assertions when 
detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.", "cvss": "5.0", "published": "2003-11-17T05:00:00", "modified": "2016-10-18T02:27:13", "published-epoch": "1069045200", "modified-epoch": "1476757633", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-7798", "summary": "The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.", "cvss": "5.0", "published": "2017-01-30T22:59:00", "modified": "2017-11-09T02:29:01", "published-epoch": "1485817140", "modified-epoch": "1510194541", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-02T02:01:59", "cvss_created-epoch": "1486000919", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3737", "summary": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. 
The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.", "cvss": "4.3", "published": "2017-12-07T16:29:00", "modified": "2018-01-24T02:29:01", "published-epoch": "1512664140", "modified-epoch": "1516760941", "cwe": "CWE-388", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-19T15:41:20", "cvss_created-epoch": "1513698080", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": false}, {"vuln": {"cve": "CVE-2015-0291", "summary": "The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.", "cvss": "5.0", "published": "2015-03-19T22:59:09", 
"modified": "2017-10-20T01:29:05", "published-epoch": "1426805949", "modified-epoch": "1508462945", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-05T17:42:41", "cvss_created-epoch": "1459878161", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0050", "summary": "OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.", "cvss": "5.0", "published": "2012-01-19T19:55:01", "modified": "2016-08-23T02:04:49", "published-epoch": "1327002901", "modified-epoch": "1471917889", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-20T19:16:00", "cvss_created-epoch": "1327086960", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-1787", "summary": "The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.", "cvss": "2.6", "published": "2015-03-19T22:59:12", "modified": "2017-10-20T01:29:05", "published-epoch": "1426805952", "modified-epoch": "1508462945", "cwe": "CWE-20", "cvss_access_vector": 
"NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-28T15:31:13", "cvss_created-epoch": "1467127873", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1945", "summary": "The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.", "cvss": "2.6", "published": "2011-05-31T20:55:05", "modified": "2013-06-06T03:10:23", "published-epoch": "1306875305", "modified-epoch": "1370488223", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-06-01T18:33:00", "cvss_created-epoch": "1306953180", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1672", "summary": "OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses \"particular cipher suites,\" which triggers a NULL pointer dereference.", "cvss": "4.3", "published": "2008-05-29T16:32:00", "modified": "2017-08-08T01:30:21", "published-epoch": "1212078720", "modified-epoch": "1502155821", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": 
"NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-05-30T13:30:00", "cvss_created-epoch": "1212154200", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0884", "summary": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.", "cvss": "5.0", "published": "2012-03-13T03:12:26", "modified": "2018-01-10T02:29:29", "published-epoch": "1331608346", "modified-epoch": "1515551369", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-03-13T16:18:00", "cvss_created-epoch": "1331655480", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-2939", "summary": "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. 
NOTE: some sources refer to this as a use-after-free issue.", "cvss": "4.3", "published": "2010-08-17T20:00:03", "modified": "2011-05-04T02:49:32", "published-epoch": "1282075203", "modified-epoch": "1304477372", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-08-18T22:12:00", "cvss_created-epoch": "1282169520", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-2110", "summary": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.", "cvss": "7.5", "published": "2012-04-19T17:55:01", "modified": "2018-01-05T02:29:31", "published-epoch": "1334858101", "modified-epoch": "1515119371", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-07T16:09:47", "cvss_created-epoch": "1381162187", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-6450", "summary": "The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to 
trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.", "cvss": "5.8", "published": "2014-01-01T16:05:15", "modified": "2017-12-09T02:29:02", "published-epoch": "1388592315", "modified-epoch": "1512786542", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T15:57:28", "cvss_created-epoch": "1467993448", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-4355", "summary": "Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.", "cvss": "5.0", "published": "2010-01-14T19:30:00", "modified": "2017-09-19T01:29:57", "published-epoch": "1263497400", "modified-epoch": "1505784597", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-01-15T15:14:00", "cvss_created-epoch": "1263568440", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-6305", "summary": "The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service 
(infinite loop) by triggering a zero-length record in an SSL_peek call.", "cvss": "5.0", "published": "2016-09-26T19:59:01", "modified": "2018-01-18T18:18:06", "published-epoch": "1474919941", "modified-epoch": "1516299486", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-27T13:08:28", "cvss_created-epoch": "1474981708", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0014", "summary": "ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka \"OCSP stapling vulnerability.\"", "cvss": "5.0", "published": "2011-02-19T01:00:01", "modified": "2017-09-19T01:31:49", "published-epoch": "1298077201", "modified-epoch": "1505784709", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-02-21T19:03:00", "cvss_created-epoch": "1298314980", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-7250", "summary": "The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.", "cvss": "5.0", "published": 
"2012-02-29T11:55:04", "modified": "2018-01-06T02:29:00", "published-epoch": "1330516504", "modified-epoch": "1515205740", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-02-29T14:26:00", "cvss_created-epoch": "1330525560", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1797", "summary": "The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.", "cvss": "5.1", "published": "2005-05-26T04:00:00", "modified": "2008-09-05T20:50:07", "published-epoch": "1117080000", "modified-epoch": "1220647807", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-01T20:26:00", "cvss_created-epoch": "1117657560", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0659", "summary": "The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.", "cvss": "5.0", "published": "2002-08-12T04:00:00", "modified": "2008-09-10T19:12:40", "published-epoch": "1029124800", "modified-epoch": "1221073960", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": 
"PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-0290", "summary": "The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.", "cvss": "5.0", "published": "2015-03-19T22:59:08", "modified": "2017-10-20T01:29:05", "published-epoch": "1426805948", "modified-epoch": "1508462945", "cwe": "CWE-17", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-01T19:49:09", "cvss_created-epoch": "1459540149", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-0166", "summary": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "cvss": "5.0", "published": "2013-02-08T19:55:00", "modified": "2017-09-19T01:35:36", "published-epoch": "1360353300", "modified-epoch": "1505784936", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-02-11T14:38:00", "cvss_created-epoch": 
"1360593480", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3569", "summary": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.", "cvss": "5.0", "published": "2014-12-24T11:59:00", "modified": "2017-11-15T02:29:05", "published-epoch": "1419422340", "modified-epoch": "1510712945", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-12-24T15:23:29", "cvss_created-epoch": "1419434609", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1678", "summary": "Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.", "cvss": "5.0", "published": "2008-07-10T17:41:00", "modified": "2017-09-29T01:30:49", "published-epoch": "1215711660", "modified-epoch": "1506648649", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", 
"cvss_created": "2008-07-10T19:21:00", "cvss_created-epoch": "1215717660", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1473", "summary": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", "cvss": "5.0", "published": "2012-06-16T21:55:02", "modified": "2016-08-23T02:03:42", "published-epoch": "1339883702", "modified-epoch": "1471917822", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-06-18T18:26:00", "cvss_created-epoch": "1340043960", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3733", "summary": "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). 
Both clients and servers are affected.", "cvss": "5.0", "published": "2017-05-04T19:29:00", "modified": "2018-02-14T02:29:00", "published-epoch": "1493926140", "modified-epoch": "1518575340", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-04T19:29:00", "cvss_created-epoch": "1493926140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2015-0208", "summary": "The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.", "cvss": "4.3", "published": "2015-03-19T22:59:01", "modified": "2017-10-20T01:29:04", "published-epoch": "1426805941", "modified-epoch": "1508462944", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-05-31T20:47:11", "cvss_created-epoch": "1464727631", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1141", "summary": "The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.", "cvss": "5.0", "published": 
"2001-07-10T04:00:00", "modified": "2017-10-10T01:30:01", "published-epoch": "994737600", "modified-epoch": "1507599001", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-0169", "summary": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.", "cvss": "2.6", "published": "2013-02-08T19:55:01", "modified": "2017-12-09T02:29:01", "published-epoch": "1360353301", "modified-epoch": "1512786541", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-02-11T15:04:00", "cvss_created-epoch": "1360595040", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0544", "summary": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.", "cvss": "5.0", 
"published": "2003-11-17T05:00:00", "modified": "2017-07-11T01:29:33", "published-epoch": "1069045200", "modified-epoch": "1499736573", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-3207", "summary": "crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.", "cvss": "5.0", "published": "2011-09-22T10:55:03", "modified": "2014-03-26T04:22:05", "published-epoch": "1316688903", "modified-epoch": "1395807725", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-09-22T13:38:00", "cvss_created-epoch": "1316698680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-2969", "summary": "The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.", "cvss": "5.0", "published": "2005-10-18T21:02:00", "modified": "2017-07-11T01:33:04", "published-epoch": "1129669320", 
"modified-epoch": "1499736784", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-10-19T12:32:00", "cvss_created-epoch": "1129725120", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-6309", "summary": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.", "cvss": "10.0", "published": "2016-09-26T19:59:06", "modified": "2018-01-18T18:18:07", "published-epoch": "1474919946", "modified-epoch": "1516299487", "cwe": "CWE-416", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-27T13:01:41", "cvss_created-epoch": "1474981301", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0653", "summary": "OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.", "cvss": "7.5", "published": "2009-02-20T19:30:00", "modified": "2009-06-25T04:00:00", "published-epoch": "1235158200", "modified-epoch": "1245902400", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", 
"cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-02-23T17:34:00", "cvss_created-epoch": "1235410440", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-0428", "summary": "OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.", "cvss": "7.5", "published": "1999-03-22T05:00:00", "modified": "2008-09-09T12:34:31", "published-epoch": "922078800", "modified-epoch": "1220963671", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4619", "summary": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.", "cvss": "5.0", "published": "2012-01-06T01:55:01", "modified": "2016-08-23T02:04:40", "published-epoch": "1325814901", "modified-epoch": "1471917880", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-06T13:59:00", "cvss_created-epoch": "1325858340", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-0285", "summary": "The ssl3_client_hello function 
in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.", "cvss": "4.3", "published": "2015-03-19T22:59:03", "modified": "2017-10-20T01:29:04", "published-epoch": "1426805943", "modified-epoch": "1508462944", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-03-20T13:08:01", "cvss_created-epoch": "1426856881", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0590", "summary": "The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.", "cvss": "5.0", "published": "2009-03-27T16:30:00", "modified": "2017-09-29T01:33:54", "published-epoch": "1238171400", "modified-epoch": "1506648834", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-03-27T17:32:00", "cvss_created-epoch": "1238175120", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0027", "summary": "The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of 
service (daemon crash) via crafted data from a TLS client.", "cvss": "5.0", "published": "2012-01-06T01:55:01", "modified": "2014-03-26T04:27:05", "published-epoch": "1325814901", "modified-epoch": "1395808025", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-06T14:10:00", "cvss_created-epoch": "1325859000", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-0076", "summary": "The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.", "cvss": "1.9", "published": "2014-03-25T13:25:21", "modified": "2017-12-16T02:29:02", "published-epoch": "1395753921", "modified-epoch": "1513391342", "cwe": "CWE-310", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-08T15:56:30", "cvss_created-epoch": "1467993390", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3730", "summary": "In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. 
This could be exploited in a Denial of Service attack.", "cvss": "5.0", "published": "2017-05-04T19:29:00", "modified": "2018-02-14T02:29:00", "published-epoch": "1493926140", "modified-epoch": "1518575340", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-04T19:29:00", "cvss_created-epoch": "1493926140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2016-0701", "summary": "The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.", "cvss": "2.6", "published": "2016-02-15T02:59:18", "modified": "2017-12-13T02:29:09", "published-epoch": "1455505158", "modified-epoch": "1513132149", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:04", "cvss_created-epoch": "1482935824", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3_score": "3.7"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4576", "summary": "The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive 
information by decrypting the padding data sent by an SSL peer.", "cvss": "5.0", "published": "2012-01-06T01:55:00", "modified": "2016-08-23T02:04:39", "published-epoch": "1325814900", "modified-epoch": "1471917879", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-08-09T14:13:52", "cvss_created-epoch": "1376057632", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-2131", "summary": "Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.", "cvss": "7.5", "published": "2012-04-24T20:55:02", "modified": "2018-01-05T02:29:32", "published-epoch": "1335300902", "modified-epoch": "1515119372", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-04-25T12:51:00", "cvss_created-epoch": "1335358260", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-6308", "summary": "statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.", "cvss": "7.1", "published": "2016-09-26T19:59:05", "modified": "2018-01-18T18:18:07", "published-epoch": "1474919945", "modified-epoch": "1516299487", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-27T12:54:31", "cvss_created-epoch": "1474980871", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0789", "summary": "OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.", "cvss": "5.0", 
"published": "2009-03-27T16:30:02", "modified": "2017-08-17T01:30:01", "published-epoch": "1238171402", "modified-epoch": "1502933401", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-03-30T13:13:00", "cvss_created-epoch": "1238418780", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-6307", "summary": "The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.", "cvss": "4.3", "published": "2016-09-26T19:59:04", "modified": "2018-01-18T18:18:07", "published-epoch": "1474919944", "modified-epoch": "1516299487", "cwe": "CWE-400", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-27T13:11:29", "cvss_created-epoch": "1474981889", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4995", "summary": "Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.", "cvss": "9.3", "published": "2007-10-13T01:17:00", "modified": "2017-09-29T01:29:27", "published-epoch": "1192238220", "modified-epoch": "1506648567", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-10-15T17:54:00", "cvss_created-epoch": "1192470840", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-0207", "summary": "The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.", "cvss": "5.0", "published": "2015-03-19T22:59:00", "modified": "2017-10-20T01:29:04", "published-epoch": "1426805940", "modified-epoch": "1508462944", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-07-22T15:44:24", "cvss_created-epoch": "1437579864", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-7052", "summary": "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.", "cvss": "5.0", "published": "2016-09-26T19:59:07", "modified": "2018-01-18T18:18:07", "published-epoch": "1474919947", "modified-epoch": "1516299487", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-12T19:15:14", 
"cvss_created-epoch": "1476299714", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0078", "summary": "ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\"", "cvss": "5.0", "published": "2003-03-03T05:00:00", "modified": "2016-10-18T02:29:16", "published-epoch": "1046667600", "modified-epoch": "1476757756", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0591", "summary": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.", "cvss": "2.6", "published": "2009-03-27T16:30:01", "modified": "2017-08-17T01:29:55", "published-epoch": "1238171401", "modified-epoch": "1502933395", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", 
"cvss_created": "2009-03-27T17:37:00", "cvss_created-epoch": "1238175420", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-2937", "summary": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.", "cvss": "7.8", "published": "2006-09-28T18:07:00", "modified": "2017-10-11T01:30:59", "published-epoch": "1159466820", "modified-epoch": "1507685459", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-10-02T11:48:00", "cvss_created-epoch": "1159789680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-3216", "summary": "Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.", "cvss": "4.3", "published": "2015-07-07T10:59:00", "modified": "2018-01-05T02:30:06", "published-epoch": "1436266740", "modified-epoch": "1515119406", "cwe": "CWE-362", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-07-09T13:21:36", "cvss_created-epoch": 
"1436448096", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-3245", "summary": "OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.", "cvss": "10.0", "published": "2010-03-05T19:30:00", "modified": "2017-09-19T01:29:31", "published-epoch": "1267817400", "modified-epoch": "1505784571", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-08T13:01:00", "cvss_created-epoch": "1268053260", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4252", "summary": "OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.", "cvss": "7.5", "published": "2010-12-06T21:05:49", "modified": "2017-09-19T01:31:43", "published-epoch": "1291669549", "modified-epoch": "1505784703", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-12-07T19:55:00", "cvss_created-epoch": "1291751700", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": 
"CVE-2006-2940", "summary": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification.", "cvss": "7.8", "published": "2006-09-28T18:07:00", "modified": "2017-10-11T01:30:59", "published-epoch": "1159466820", "modified-epoch": "1507685459", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-10-02T11:49:00", "cvss_created-epoch": "1159789740", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1165", "summary": "The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.", "cvss": "5.0", "published": "2012-03-15T17:55:00", "modified": "2018-01-13T02:29:11", "published-epoch": "1331834100", "modified-epoch": "1515810551", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-03-16T13:04:00", "cvss_created-epoch": "1331903040", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0543", "summary": "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to 
cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.", "cvss": "5.0", "published": "2003-11-17T05:00:00", "modified": "2011-03-08T02:12:45", "published-epoch": "1069045200", "modified-epoch": "1299550365", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4354", "summary": "crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.", "cvss": "5.8", "published": "2012-01-27T00:55:01", "modified": "2012-11-06T05:03:37", "published-epoch": "1327625701", "modified-epoch": "1352178217", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-27T15:17:00", "cvss_created-epoch": "1327677420", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3736", "summary": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. 
Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.", "cvss": "4.0", "published": "2017-11-02T17:29:00", "modified": "2018-02-14T02:29:00", "published-epoch": "1509643740", "modified-epoch": "1518575340", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-02T17:29:00", "cvss_created-epoch": "1509643740", "cvss2_vector": "AV:N/AC:L/Au:S:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "6.5"}, "exact": false}, {"vuln": {"cve": "CVE-2012-2333", "summary": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.", "cvss": "6.8", "published": "2012-05-14T22:55:03", "modified": "2018-01-05T02:29:32", "published-epoch": "1337036103", "modified-epoch": "1515119372", 
"cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-05-15T14:42:00", "cvss_created-epoch": "1337092920", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-5095", "summary": "The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.", "cvss": "4.0", "published": "2012-06-20T17:55:01", "modified": "2012-06-21T04:00:00", "published-epoch": "1340214901", "modified-epoch": "1340251200", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-06-21T13:47:00", "cvss_created-epoch": "1340286420", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0535", "summary": "OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.", "cvss": "5.0", "published": "2000-06-12T04:00:00", "modified": "2008-09-10T19:05:00", "published-epoch": "960782400", "modified-epoch": "1221073500", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", 
"cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0079", "summary": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.", "cvss": "5.0", "published": "2004-11-23T05:00:00", "modified": "2017-10-11T01:29:20", "published-epoch": "1101186000", "modified-epoch": "1507685360", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0740", "summary": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. 
NOTE: some of these details are obtained from third party information.", "cvss": "5.0", "published": "2010-03-26T18:30:00", "modified": "2017-09-19T01:30:29", "published-epoch": "1269628200", "modified-epoch": "1505784629", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-29T13:32:00", "cvss_created-epoch": "1269869520", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4108", "summary": "The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.", "cvss": "4.3", "published": "2012-01-06T01:55:00", "modified": "2016-08-23T02:04:34", "published-epoch": "1325814900", "modified-epoch": "1471917874", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-06T13:09:00", "cvss_created-epoch": "1325855340", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4180", "summary": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.", "cvss": "4.3", "published": "2010-12-06T21:05:48", "modified": 
"2017-09-19T01:31:41", "published-epoch": "1291669548", "modified-epoch": "1505784701", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-12-07T19:27:00", "cvss_created-epoch": "1291750020", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-1377", "summary": "The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of \"future epoch\" DTLS records that are buffered in a queue, aka \"DTLS record buffer limitation bug.\"", "cvss": "5.0", "published": "2009-05-19T19:30:00", "modified": "2017-09-29T01:34:20", "published-epoch": "1242761400", "modified-epoch": "1506648860", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-05-20T11:59:00", "cvss_created-epoch": "1242820740", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0928", "summary": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"", "cvss": "4.0", "published": "2010-03-05T19:30:00", "modified": 
"2017-08-17T01:32:10", "published-epoch": "1267817400", "modified-epoch": "1502933530", "cwe": "CWE-310", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-08T16:09:00", "cvss_created-epoch": "1268064540", "cvss2_vector": "AV:L/AC:H/Au:N:/C:C/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-3738", "summary": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. 
The fix is also available in commit e502cc86d in the OpenSSL git repository.", "cvss": "4.3", "published": "2017-12-07T16:29:00", "modified": "2018-02-14T02:29:00", "published-epoch": "1512664140", "modified-epoch": "1518575340", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-07T16:29:00", "cvss_created-epoch": "1512664140", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": false}, {"vuln": {"cve": "CVE-2006-4339", "summary": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.", "cvss": "4.3", "published": "2006-09-05T17:04:00", "modified": "2017-10-11T01:31:12", "published-epoch": "1157475840", "modified-epoch": "1507685472", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-09-05T17:17:00", "cvss_created-epoch": "1157476620", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0433", "summary": "The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of 
service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.", "cvss": "4.3", "published": "2010-03-05T19:30:00", "modified": "2017-09-19T01:30:23", "published-epoch": "1267817400", "modified-epoch": "1505784623", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-08T14:27:00", "cvss_created-epoch": "1268058420", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-7054", "summary": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. 
This issue is not considered to be exploitable beyond a DoS.", "cvss": "5.0", "published": "2017-05-04T19:29:00", "modified": "2017-09-03T01:29:11", "published-epoch": "1493926140", "modified-epoch": "1504402151", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-12T16:47:08", "cvss_created-epoch": "1494607628", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0851", "summary": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.", "cvss": "5.0", "published": "2003-12-01T05:00:00", "modified": "2016-10-18T02:38:03", "published-epoch": "1070254800", "modified-epoch": "1476758283", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-1794", "summary": "The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.", "cvss": "5.0", "published": "2015-12-06T20:59:00", "modified": "2017-09-14T01:29:00", "published-epoch": "1449435540", "modified-epoch": "1505352540", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-12-07T17:23:11", "cvss_created-epoch": "1449508991", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-0166", "summary": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.", "cvss": "7.8", "published": "2008-05-13T17:20:00", "modified": "2017-09-29T01:30:09", "published-epoch": "1210699200", "modified-epoch": "1506648609", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-05-13T18:25:00", "cvss_created-epoch": "1210703100", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0147", "summary": "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal).", "cvss": "5.0", "published": "2003-03-31T05:00:00", "modified": "2016-10-18T02:30:07", "published-epoch": "1049086800", "modified-epoch": "1476757807", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", 
"cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1633", "summary": "RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.", "cvss": "6.4", "published": "2010-06-03T14:30:01", "modified": "2014-03-26T04:05:31", "published-epoch": "1275575401", "modified-epoch": "1395806731", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-06-04T14:10:00", "cvss_created-epoch": "1275660600", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-3210", "summary": "The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.", "cvss": "5.0", "published": "2011-09-22T10:55:03", "modified": "2014-03-26T04:22:06", "published-epoch": "1316688903", "modified-epoch": "1395807726", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": 
"NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-09-22T13:43:00", "cvss_created-epoch": "1316698980", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0545", "summary": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.", "cvss": "10.0", "published": "2003-11-17T05:00:00", "modified": "2011-03-08T02:12:45", "published-epoch": "1069045200", "modified-epoch": "1299550365", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-3108", "summary": "The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.", "cvss": "1.2", "published": "2007-08-08T01:17:00", "modified": "2017-10-11T01:32:42", "published-epoch": "1186535820", "modified-epoch": "1507685562", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-08-08T13:16:00", "cvss_created-epoch": "1186578960", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": 
false}, {"vuln": {"cve": "CVE-2007-5135", "summary": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.", "cvss": "6.8", "published": "2007-09-27T20:17:00", "modified": "2017-09-29T01:29:30", "published-epoch": "1190924220", "modified-epoch": "1506648570", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-09-28T11:44:00", "cvss_created-epoch": "1190979840", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-8610", "summary": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. 
A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.", "cvss": "5.0", "published": "2017-11-13T22:29:00", "modified": "2018-01-12T02:29:00", "published-epoch": "1510612140", "modified-epoch": "1515724140", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-29T15:52:19", "cvss_created-epoch": "1511970739", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2009-2409", "summary": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. 
NOTE: the scope of this issue is currently limited because the amount of computation required is still large.", "cvss": "5.1", "published": "2009-07-30T19:30:00", "modified": "2017-09-19T01:29:06", "published-epoch": "1248982200", "modified-epoch": "1505784546", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-07-31T12:59:00", "cvss_created-epoch": "1249045140", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-1793", "summary": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", "cvss": "6.4", "published": "2015-07-09T19:17:00", "modified": "2017-10-20T01:29:06", "published-epoch": "1436469420", "modified-epoch": "1508462946", "cwe": "CWE-254", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-22T16:42:18", "cvss_created-epoch": "1461343338", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss3_score": "6.5"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4353", "summary": "The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a 
crafted Next Protocol Negotiation record in a TLS handshake.", "cvss": "4.3", "published": "2014-01-09T01:55:03", "modified": "2017-01-07T02:59:10", "published-epoch": "1389232503", "modified-epoch": "1483757950", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-01-09T20:05:20", "cvss_created-epoch": "1389297920", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0112", "summary": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.", "cvss": "5.0", "published": "2004-11-23T05:00:00", "modified": "2017-10-11T01:29:21", "published-epoch": "1101186000", "modified-epoch": "1507685361", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-2686", "summary": "crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.", "cvss": "5.0", "published": "2013-02-08T19:55:00", "modified": "2017-09-19T01:34:58", "published-epoch": 
"1360353300", "modified-epoch": "1505784898", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-02-11T14:55:00", "cvss_created-epoch": "1360594500", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4577", "summary": "OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.", "cvss": "4.3", "published": "2012-01-06T01:55:00", "modified": "2014-03-26T04:25:16", "published-epoch": "1325814900", "modified-epoch": "1395807916", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-06T13:55:00", "cvss_created-epoch": "1325858100", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["crypto", "protocol"], "homepage": "https://openssl.org/", "upstream-source": "https://www.openssl.org/source/openssl-1.1.0g.tar.gz", "latest-version": "1.1.0g", "short_version": "1.0.1f-1ubuntu2.11", "latest_cmp": false, "url": "https://www.openssl.org/source/openssl-1.1.0g.tar.gz", "codetype": "Native", "coverity_scan": {"name": "openssl/openssl", "language": "C/C++", "id": 294, "homepage_url": "https://www.openssl.org/", "details": {"loc": 339148, "defect_density": {"comparison": 0.5, "over_time": [{"2016-08-01": 0.25, "2018-03-01": 0.24, 
"2018-01-01": 0.3, "2016-06-01": 0.07, "2018-02-01": 0.3, "2017-11-01": 0.32, "2016-04-01": 0.48, "2017-08-01": 0.3, "2017-01-01": 0.26, "2017-07-01": 0.32, "2017-12-01": 0.32, "2017-03-01": 0.32, "2017-09-01": 0.29, "2017-10-01": 0.3}], "score": 0.24, "verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2018-03-19", "project_url": "https://scan.coverity.com/projects/openssl", "version": "OpenSSL_1_1_1-pre2-181-gdd07e68", "cwe": [{"name": "Integer Overflow or Wraparound", "defect_count": 3, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}, {"name": "Use of Potentially Dangerous Function", "defect_count": 1, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": "https://github.com/openssl/openssl", "slug": "openssl", "mapped-name": "openssl"}}, {"extended-objects": [{"confidence": 1.0, "sha1": "f19c8f7979829ba738dc629c887429fb072826af", "name": "libp11-kit.so.0.0.0", "timestamp": 1395336842, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libp11-kit.so.0.0.0"], "type": "native"}], "objects": ["libp11-kit.so.0.0.0"], "version": "0.20.2-2ubuntu2", "lib": "p11-glue", "distro_version": "0.20.2-2ubuntu2", "distro": "ubuntu", "latest_version": "0.23.10", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["utility"], "homepage": "https://p11-glue.freedesktop.org", "upstream-source": "https://github.com/p11-glue/p11-kit/releases/download/0.23.10/p11-kit-0.23.10.tar.gz", "latest-version": "0.23.10", "short_version": "0.20.2-2ubuntu2", "latest_cmp": false, "url": "https://github.com/p11-glue/p11-kit/releases/download/0.23.10/p11-kit-0.23.10.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9959514170040485, "sha1": "348d81de9bef1a5322c195139d7258108b32e257", "name": "patch", "timestamp": 
1427394128, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/bin/patch"], "type": "native"}], "objects": ["patch"], "version": "2.7.1-4ubuntu2", "lib": "patch", "distro_version": "2.7.1-4ubuntu2", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 6, "exact": 5, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2015-1196", "summary": "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.", "cvss": "4.3", "published": "2015-01-21T18:59:57", "modified": "2017-09-08T01:29:47", "published-epoch": "1421866797", "modified-epoch": "1504834187", "cwe": "CWE-59", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-20T16:57:47", "cvss_created-epoch": "1476982667", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-10713", "summary": "An issue was discovered in GNU patch before 2.7.6. 
Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.", "cvss": "4.3", "published": "2018-02-13T19:29:00", "modified": "2018-03-06T15:30:00", "published-epoch": "1518550140", "modified-epoch": "1520350200", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-13T19:29:00", "cvss_created-epoch": "1518550140", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": true, "triage": [{"id": 296, "vuln_id": "CVE-2016-10713", "component": "patch", "vendor": null, "codetype": "NA", "version": "2.7.1-4ubuntu2", "modified": "2018-03-22T23:20:43.120208", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-9637", "summary": "GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.", "cvss": "7.1", "published": "2017-08-25T18:29:00", "modified": "2017-08-30T01:16:52", "published-epoch": "1503685740", "modified-epoch": "1504055812", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-29T18:53:33", "cvss_created-epoch": "1504032813", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": true, "triage": [{"id": 288, "vuln_id": "CVE-2014-9637", 
"component": "patch", "vendor": null, "codetype": "NA", "version": "2.7.1-4ubuntu2", "modified": "2018-03-22T23:20:43.042220", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-1395", "summary": "Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.", "cvss": "7.8", "published": "2017-08-25T18:29:00", "modified": "2017-08-30T01:13:07", "published-epoch": "1503685740", "modified-epoch": "1504055587", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-29T23:51:14", "cvss_created-epoch": "1504050674", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:C/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 285, "vuln_id": "CVE-2015-1395", "component": "patch", "vendor": null, "codetype": "NA", "version": "2.7.1-4ubuntu2", "modified": "2018-03-22T23:20:43.021687", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-6952", "summary": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.", "cvss": "5.0", "published": "2018-02-13T19:29:00", "modified": "2018-03-06T15:29:00", "published-epoch": "1518550140", "modified-epoch": "1520350140", "cwe": "CWE-415", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-13T19:29:00", "cvss_created-epoch": "1518550140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 295, "vuln_id": "CVE-2018-6952", "component": "patch", "vendor": null, "codetype": "NA", "version": "2.7.1-4ubuntu2", "modified": "2018-03-22T23:20:43.097537", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-6951", "summary": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue.", "cvss": "5.0", "published": "2018-02-13T19:29:00", "modified": "2018-03-14T13:24:00", "published-epoch": "1518550140", "modified-epoch": "1521033840", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-13T19:29:00", "cvss_created-epoch": "1518550140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 292, "vuln_id": "CVE-2018-6951", "component": "patch", "vendor": null, "codetype": "NA", "version": "2.7.1-4ubuntu2", "modified": "2018-03-22T23:20:43.068554", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": 
"bot_piper_team@protecode-sc.lo"}}]}], "tags": ["utility"], "short_version": "2.7.1-4ubuntu2", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.7666666666666667, "sha1": "9afccef2b8c4944cd78d25b87bc9198a3cb82406", "name": "libpcre.so.3.13.1", "timestamp": 1386078186, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libpcre.so.3.13.1"], "type": "native"}], "objects": ["libpcre.so.3.13.1"], "version": "8.31-2ubuntu2", "lib": "pcre", "distro_version": "8.31-2ubuntu2", "distro": "ubuntu", "cpe": ["cpe:/a:pcre:perl-compatible_regular_expression_library:8.31-2ubuntu2", "cpe:/a:pcre:perl_compatible_regular_expression_library:8.31-2ubuntu2", "cpe:/a:pcre:pcre:8.31-2ubuntu2"], "latest_version": "8.42", "vuln-count": {"total": 46, "exact": 1, "historical": 45}, "vulns": [{"vuln": {"cve": "CVE-2016-3191", "summary": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", "cvss": "7.5", "published": "2016-03-17T23:59:01", "modified": "2018-01-05T02:30:41", "published-epoch": "1458259141", "modified-epoch": "1515119441", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:16", "cvss_created-epoch": "1482935836", 
"cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-2328", "summary": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:01", "modified": "2018-01-05T02:30:01", "published-epoch": "1449021541", "modified-epoch": "1515119401", "cwe": "CWE-19", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-04-07T20:47:32", "cvss_created-epoch": "1491598052", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-5073", "summary": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", "cvss": "6.4", "published": "2016-12-13T16:59:06", "modified": "2018-01-05T02:30:12", "published-epoch": "1481648346", "modified-epoch": "1515119412", "cwe": "CWE-119", 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-15T15:59:28", "cvss_created-epoch": "1481817568", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss3_score": "9.1"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2017-6004", "summary": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", "cvss": "5.0", "published": "2017-02-16T11:59:00", "modified": "2017-07-25T01:29:11", "published-epoch": "1487246340", "modified-epoch": "1500946151", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-15T00:05:36", "cvss_created-epoch": "1489536336", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true}, {"vuln": {"cve": "CVE-2007-1660", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified \"multiple forms of character class\", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.", "cvss": "6.8", "published": "2007-11-07T23:46:00", "modified": 
"2017-10-11T01:31:56", "published-epoch": "1194479160", "modified-epoch": "1507685516", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-08T13:28:00", "cvss_created-epoch": "1194528480", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-7246", "summary": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "cvss": "6.8", "published": "2017-03-23T21:59:00", "modified": "2017-10-24T01:29:07", "published-epoch": "1490306340", "modified-epoch": "1508808547", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-26T19:53:47", "cvss_created-epoch": "1490558027", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4768", "summary": "Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.", "cvss": "6.8", "published": "2007-11-07T23:46:00", "modified": "2017-09-29T01:29:22", "published-epoch": "1194479160", "modified-epoch": "1506648562", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-09T02:12:00", "cvss_created-epoch": "1194574320", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-11164", "summary": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", "cvss": "7.8", "published": "2017-07-11T03:29:00", "modified": "2017-07-17T13:18:19", "published-epoch": "1499743740", "modified-epoch": "1500297499", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-12T19:19:18", "cvss_created-epoch": "1499887158", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2017-7186", "summary": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", "cvss": "5.0", "published": "2017-03-20T00:59:00", "modified": "2017-10-24T01:29:07", "published-epoch": "1489971540", "modified-epoch": "1508808547", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-22T03:34:55", "cvss_created-epoch": 
"1490153695", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2008-2371", "summary": "Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.", "cvss": "7.5", "published": "2008-07-07T23:41:00", "modified": "2012-10-31T02:57:30", "published-epoch": "1215474060", "modified-epoch": "1351652250", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-07-08T14:43:00", "cvss_created-epoch": "1215528180", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-7225", "summary": "Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a \"malformed POSIX character class\", as demonstrated via an invalid character after a [[ sequence.", "cvss": "4.3", "published": "2007-12-03T20:46:00", "modified": "2017-10-11T01:31:30", "published-epoch": "1196714760", "modified-epoch": "1507685490", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-12-04T16:03:00", "cvss_created-epoch": "1196784180", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, 
"cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-1662", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.", "cvss": "5.0", "published": "2007-11-07T23:46:00", "modified": "2017-07-29T01:30:53", "published-epoch": "1194479160", "modified-epoch": "1501291853", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-08T13:44:00", "cvss_created-epoch": "1194529440", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-3210", "summary": "Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384.", "cvss": "7.5", "published": "2016-12-13T16:59:00", "modified": "2018-01-05T02:30:05", "published-epoch": "1481648340", "modified-epoch": "1515119405", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-15T16:05:24", "cvss_created-epoch": "1481817924", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2005-4872", "summary": "Perl-Compatible Regular Expression (PCRE) 
library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.", "cvss": "4.3", "published": "2005-12-31T05:00:00", "modified": "2017-10-11T01:30:31", "published-epoch": "1136005200", "modified-epoch": "1507685431", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-21T18:11:00", "cvss_created-epoch": "1195668660", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4767", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \\p sequence, (2) a \\P sequence, or (3) a \\P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.", "cvss": "5.0", "published": "2007-11-07T23:46:00", "modified": "2017-07-29T01:33:11", "published-epoch": "1194479160", "modified-epoch": "1501291991", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-09T02:09:00", "cvss_created-epoch": "1194574140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-7230", "summary": "Perl-Compatible Regular Expression (PCRE) library before 
7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.", "cvss": "4.3", "published": "2007-11-15T19:46:00", "modified": "2017-10-11T01:31:31", "published-epoch": "1195155960", "modified-epoch": "1507685491", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-16T03:31:00", "cvss_created-epoch": "1195183860", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-7244", "summary": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", "cvss": "4.3", "published": "2017-03-23T21:59:00", "modified": "2017-10-24T01:29:07", "published-epoch": "1490306340", "modified-epoch": "1508808547", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-26T19:56:50", "cvss_created-epoch": "1490558210", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": false}, {"vuln": {"cve": "CVE-2006-7227", "summary": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named 
subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.", "cvss": "6.8", "published": "2007-11-14T21:46:00", "modified": "2017-10-11T01:31:30", "published-epoch": "1195076760", "modified-epoch": "1507685490", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-15T15:00:00", "cvss_created-epoch": "1195138800", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-7245", "summary": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "cvss": "6.8", "published": "2017-03-23T21:59:00", "modified": "2017-10-24T01:29:07", "published-epoch": "1490306340", "modified-epoch": "1508808547", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-26T19:55:08", "cvss_created-epoch": "1490558108", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": false}, {"vuln": {"cve": "CVE-2015-3217", "summary": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as 
demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", "cvss": "5.0", "published": "2016-12-13T16:59:02", "modified": "2018-01-05T02:30:06", "published-epoch": "1481648342", "modified-epoch": "1515119406", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-15T16:10:39", "cvss_created-epoch": "1481818239", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4766", "summary": "Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.", "cvss": "7.5", "published": "2007-11-07T23:46:00", "modified": "2017-07-29T01:33:11", "published-epoch": "1194479160", "modified-epoch": "1501291991", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-09T01:44:00", "cvss_created-epoch": "1194572640", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-2491", "summary": "Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.", "cvss": "7.5", "published": "2005-08-23T04:00:00", "modified": "2017-10-11T01:30:17", 
"published-epoch": "1124769600", "modified-epoch": "1507685417", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-08-23T14:18:00", "cvss_created-epoch": "1124806680", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-9769", "summary": "pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.", "cvss": "7.5", "published": "2016-03-28T16:59:00", "modified": "2016-12-03T03:02:15", "published-epoch": "1459184340", "modified-epoch": "1480734135", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-28T18:47:15", "cvss_created-epoch": "1459190835", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3_score": "7.3"}, "exact": false}, {"vuln": {"cve": "CVE-2008-0674", "summary": "Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.", "cvss": "7.5", "published": "2008-02-18T23:00:00", "modified": "2017-08-08T01:29:41", "published-epoch": "1203375600", "modified-epoch": "1502155781", "cwe": 
"CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-02-19T15:53:00", "cvss_created-epoch": "1203436380", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-1659", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched \"\\Q\\E\" sequences with orphan \"\\E\" codes.", "cvss": "6.8", "published": "2007-11-07T23:46:00", "modified": "2017-10-11T01:31:56", "published-epoch": "1194479160", "modified-epoch": "1507685516", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-08T12:46:00", "cvss_created-epoch": "1194525960", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-7228", "summary": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. 
NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.", "cvss": "6.8", "published": "2007-11-14T21:46:00", "modified": "2017-10-11T01:31:31", "published-epoch": "1195076760", "modified-epoch": "1507685491", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-15T15:04:00", "cvss_created-epoch": "1195139040", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-8964", "summary": "Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.", "cvss": "5.0", "published": "2014-12-16T18:59:10", "modified": "2017-07-01T01:29:08", "published-epoch": "1418756350", "modified-epoch": "1498872548", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-04-02T17:16:18", "cvss_created-epoch": "1427994978", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-2327", "summary": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation 
fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:00", "modified": "2018-01-05T02:30:01", "published-epoch": "1449021540", "modified-epoch": "1515119401", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-12-02T15:30:35", "cvss_created-epoch": "1449070235", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8380", "summary": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:03", "modified": "2017-07-01T01:29:25", "published-epoch": "1449021543", "modified-epoch": "1498872565", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T15:02:58", "cvss_created-epoch": "1482937378", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has 
backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8381", "summary": "The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\\z(?|(?'R')(\\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:04", "modified": "2018-01-05T02:30:20", "published-epoch": "1449021544", "modified-epoch": "1515119420", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:56:10", "cvss_created-epoch": "1482936970", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8383", "summary": "PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:07", "modified": "2018-01-05T02:30:20", "published-epoch": "1449021547", "modified-epoch": "1515119420", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T15:13:45", "cvss_created-epoch": "1482938025", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8384", "summary": "PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.", "cvss": "7.5", "published": "2015-12-02T01:59:08", "modified": "2018-01-05T02:30:20", "published-epoch": "1449021548", "modified-epoch": "1515119420", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:52:32", "cvss_created-epoch": "1482936752", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8385", "summary": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer 
overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:09", "modified": "2018-01-05T02:30:20", "published-epoch": "1449021549", "modified-epoch": "1515119420", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:01", "cvss_created-epoch": "1482935821", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8386", "summary": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:10", "modified": "2018-01-05T02:30:20", "published-epoch": "1449021550", "modified-epoch": "1515119420", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T15:46:33", "cvss_created-epoch": "1482939993", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the 
fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8387", "summary": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:11", "modified": "2017-07-01T01:29:25", "published-epoch": "1449021551", "modified-epoch": "1498872565", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T15:53:22", "cvss_created-epoch": "1482940402", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8388", "summary": "PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:12", "modified": "2018-01-05T02:30:20", "published-epoch": "1449021552", "modified-epoch": "1515119420", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", 
"cvss_created": "2016-12-28T15:10:32", "cvss_created-epoch": "1482937832", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8389", "summary": "PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:13", "modified": "2017-07-01T01:29:25", "published-epoch": "1449021553", "modified-epoch": "1498872565", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T15:15:25", "cvss_created-epoch": "1482938125", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8390", "summary": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:14", "modified": "2017-07-01T01:29:25", "published-epoch": "1449021554", "modified-epoch": "1498872565", "cwe": "CWE-119", 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T15:11:44", "cvss_created-epoch": "1482937904", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8391", "summary": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "9.0", "published": "2015-12-02T01:59:15", "modified": "2018-01-05T02:30:20", "published-epoch": "1449021555", "modified-epoch": "1515119420", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:03", "cvss_created-epoch": "1482935823", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8392", "summary": "PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular 
expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.", "cvss": "7.5", "published": "2015-12-02T01:59:16", "modified": "2018-01-05T02:30:20", "published-epoch": "1449021556", "modified-epoch": "1515119420", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T15:59:17", "cvss_created-epoch": "1482940757", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8393", "summary": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.", "cvss": "5.0", "published": "2015-12-02T01:59:17", "modified": "2017-07-01T01:29:25", "published-epoch": "1449021557", "modified-epoch": "1498872565", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T15:01:48", "cvss_created-epoch": "1482937308", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8394", "summary": "PCRE before 8.38 
mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2015-12-02T01:59:18", "modified": "2017-07-01T01:29:26", "published-epoch": "1449021558", "modified-epoch": "1498872566", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:03", "cvss_created-epoch": "1482935823", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8395", "summary": "PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.", "cvss": "7.5", "published": "2015-12-02T01:59:19", "modified": "2018-01-05T02:30:20", "published-epoch": "1449021559", "modified-epoch": "1515119420", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:51:40", "cvss_created-epoch": "1482936700", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": 
false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8382", "summary": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", "cvss": "6.4", "published": "2015-12-02T01:59:05", "modified": "2016-12-28T02:59:23", "published-epoch": "1449021545", "modified-epoch": "1482893963", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:01", "cvss_created-epoch": "1482935821", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-1283", "summary": "The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\\\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\\){97)?J)?J)(?'R'(?'R'\\){99|(:(?|(?'R')(\\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "cvss": "7.5", "published": "2016-01-03T00:59:03", "modified": "2018-01-05T02:30:33", "published-epoch": "1451782743", "modified-epoch": "1515119433", "cwe": 
"CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-28T14:37:09", "cvss_created-epoch": "1482935829", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2007-1661", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the \"\\X?\\d\" and \"\\P{L}?\\d\" patterns.", "cvss": "6.4", "published": "2007-11-07T23:46:00", "modified": "2017-07-29T01:30:53", "published-epoch": "1194479160", "modified-epoch": "1501291853", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-08-14T20:53:42", "cvss_created-epoch": "1376513622", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["regexp"], "homepage": "https://www.pcre.org/", "upstream-source": "https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.bz2", "latest-version": "8.42", "short_version": "8.31-2ubuntu2", "latest_cmp": false, "url": "https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.bz2", "codetype": "Native", "coverity_scan": {"name": "pcre", "language": "C/C++", "id": 189, "homepage_url": "http://pcre.org/", "details": {"loc": 119617, "defect_density": {"comparison": 0.5, "over_time": [{"2017-05-01": 0.6, "2017-11-01": 0.57, "2017-04-01": 0.62, 
"2018-01-01": 0.54, "2017-06-01": 0.58, "2018-02-01": 0.54, "2017-02-01": 0.63, "2017-08-01": 0.58, "2017-01-01": 0.78, "2017-07-01": 0.58, "2017-12-01": 0.55, "2017-03-01": 0.63, "2017-09-01": 0.58, "2017-10-01": 0.55}], "score": 0.54, "verdict": "high", "loc_range": "100,000 to 499,999"}, "build_date": "2018-02-10", "project_url": "https://scan.coverity.com/projects/pcre", "version": "master", "cwe": []}, "repo_url": "svn://vcs.exim.org/pcre/code/trunk", "slug": "pcre", "mapped-name": "pcre"}}, {"extended-objects": [{"confidence": 0.8158914728682171, "sha1": "ebc6c370510b005d5e16b693a86a97c3bed7ef6c", "name": "libperl.so.5.18.2", "timestamp": 1395946357, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/libperl.so.5.18.2"], "type": "native"}], "objects": ["libperl.so.5.18.2"], "version": "5.18.2-2ubuntu1", "lib": "perl", "distro_version": "5.18.2-2ubuntu1", "distro": "ubuntu", "cpe": ["cpe:/a:perl:perl:5.18.2-2ubuntu1"], "latest_version": "5.26.1", "vuln-count": {"total": 38, "exact": 4, "historical": 34}, "vulns": [{"vuln": {"cve": "CVE-2016-1238", "summary": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 
before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.", "cvss": "7.2", "published": "2016-08-02T14:59:00", "modified": "2017-07-01T01:29:32", "published-epoch": "1470149940", "modified-epoch": "1498872572", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-03T17:01:24", "cvss_created-epoch": "1470243684", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 300, "vuln_id": "CVE-2016-1238", "component": "perl", "vendor": null, "codetype": "NA", "version": "5.18.2-2ubuntu1", "modified": "2018-03-22T23:20:43.163981", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2013-7422", "summary": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.", "cvss": "7.5", "published": "2015-08-16T23:59:00", "modified": "2016-12-22T02:59:04", "published-epoch": "1439769540", "modified-epoch": "1482375544", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2015-08-18T17:28:50", "cvss_created-epoch": "1439918930", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 298, "vuln_id": "CVE-2013-7422", "component": "perl", "vendor": null, "codetype": "NA", "version": "5.18.2-2ubuntu1", "modified": "2018-03-22T23:20:43.141442", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-4330", "summary": "The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.", "cvss": "2.1", "published": "2014-09-30T16:55:06", "modified": "2017-08-29T01:34:56", "published-epoch": "1412096106", "modified-epoch": "1503970496", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-05-05T15:03:48", "cvss_created-epoch": "1462460628", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-8853", "summary": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"", "cvss": "5.0", 
"published": "2016-05-25T15:59:01", "modified": "2017-07-01T01:29:28", "published-epoch": "1464191941", "modified-epoch": "1498872568", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-05-25T18:27:28", "cvss_created-epoch": "1464200848", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2017-12814", "summary": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.", "cvss": "7.5", "published": "2017-09-28T01:29:01", "modified": "2017-10-06T18:30:18", "published-epoch": "1506562141", "modified-epoch": "1507314618", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-05T18:10:40", "cvss_created-epoch": "1507227040", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false, "invalidation": {"reason": "Non-affected platform", "reason_text": "Vulnerability does not affect this platform.", "type": "platform"}}, {"vuln": {"cve": "CVE-2017-12837", "summary": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote 
attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\\N{}' escape and the case-insensitive modifier.", "cvss": "5.0", "published": "2017-09-19T18:29:00", "modified": "2017-11-05T01:29:00", "published-epoch": "1505845740", "modified-epoch": "1509845340", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-27T02:05:26", "cvss_created-epoch": "1506477926", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 306, "vuln_id": "CVE-2017-12837", "component": "perl", "vendor": null, "codetype": "NA", "version": "5.18.2-2ubuntu1", "modified": "2018-03-22T23:20:43.212722", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-12883", "summary": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\N{U+...}' escape.", "cvss": "6.4", "published": "2017-09-19T18:29:00", "modified": "2017-11-05T01:29:00", "published-epoch": "1505845740", "modified-epoch": "1509845340", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-27T16:51:44", "cvss_created-epoch": "1506531104", 
"cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss3_score": "9.1"}, "exact": true, "triage": [{"id": 303, "vuln_id": "CVE-2017-12883", "component": "perl", "vendor": null, "codetype": "NA", "version": "5.18.2-2ubuntu1", "modified": "2018-03-22T23:20:43.183865", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2012-6329", "summary": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.", "cvss": "7.5", "published": "2013-01-04T21:55:01", "modified": "2016-12-08T03:02:47", "published-epoch": "1357336501", "modified-epoch": "1481166167", "cwe": "CWE-94", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-01-07T13:39:00", "cvss_created-epoch": "1357565940", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1927", "summary": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. 
NOTE: this issue might only be present on certain operating systems.", "cvss": "5.0", "published": "2008-04-24T05:05:00", "modified": "2017-09-29T01:30:56", "published-epoch": "1209013500", "modified-epoch": "1506648656", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-04-24T19:04:00", "cvss_created-epoch": "1209063840", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-5195", "summary": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.", "cvss": "7.5", "published": "2012-12-18T00:55:01", "modified": "2016-12-08T03:02:44", "published-epoch": "1355792101", "modified-epoch": "1481166164", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-12-18T13:51:00", "cvss_created-epoch": "1355838660", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0900", "summary": "Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.", "cvss": "5.0", "published": "2003-12-31T05:00:00", "modified": "2008-09-05T20:35:32", "published-epoch": "1072846800", "modified-epoch": "1220646932", "cwe": 
null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-05-24T18:49:00", "cvss_created-epoch": "1116960540", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-5116", "summary": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.", "cvss": "7.5", "published": "2007-11-07T23:46:00", "modified": "2017-09-29T01:29:29", "published-epoch": "1194479160", "modified-epoch": "1506648569", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-11-09T02:15:00", "cvss_created-epoch": "1194574500", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-4777", "summary": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.", "cvss": "4.3", "published": "2014-02-10T18:15:08", "modified": "2014-02-10T18:39:34", "published-epoch": "1392056108", "modified-epoch": "1392057574", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": 
"MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-02-10T18:39:34", "cvss_created-epoch": "1392057574", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1158", "summary": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.", "cvss": "5.0", "published": "2010-04-20T15:30:00", "modified": "2013-10-24T03:22:04", "published-epoch": "1271777400", "modified-epoch": "1382584924", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-04-21T14:52:00", "cvss_created-epoch": "1271861520", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0452", "summary": "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.", "cvss": "2.6", "published": "2004-12-21T05:00:00", "modified": "2017-10-11T01:29:26", "published-epoch": "1103605200", "modified-epoch": "1507685366", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2005-06-15T14:50:00", "cvss_created-epoch": "1118847000", "cvss2_vector": "AV:L/AC:H/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-0156", "summary": "Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.", "cvss": "2.1", "published": "2005-02-07T05:00:00", "modified": "2017-10-11T01:29:52", "published-epoch": "1107752400", "modified-epoch": "1507685392", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-03T17:02:00", "cvss_created-epoch": "1117818120", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1487", "summary": "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.", "cvss": "5.0", "published": "2011-04-11T18:55:03", "modified": "2017-08-17T01:34:14", "published-epoch": "1302548103", "modified-epoch": "1502933654", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-04-12T13:17:00", "cvss_created-epoch": "1302614220", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", 
"cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1151", "summary": "Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.", "cvss": "5.0", "published": "2012-09-09T21:55:05", "modified": "2017-08-29T01:31:13", "published-epoch": "1347227705", "modified-epoch": "1503970273", "cwe": "CWE-134", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-09-10T16:49:00", "cvss_created-epoch": "1347295740", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-0034", "summary": "Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.", "cvss": "7.2", "published": "1997-05-29T04:00:00", "modified": "2008-09-09T12:33:36", "published-epoch": "864878400", "modified-epoch": "1220963616", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0761", "summary": "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) 
getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.", "cvss": "5.0", "published": "2011-05-13T17:05:41", "modified": "2017-08-17T01:33:43", "published-epoch": "1305306341", "modified-epoch": "1502933623", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-05-13T17:36:00", "cvss_created-epoch": "1305308160", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0377", "summary": "Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.", "cvss": "10.0", "published": "2004-05-04T04:00:00", "modified": "2017-07-11T01:30:06", "published-epoch": "1083643200", "modified-epoch": "1499736606", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-2827", "summary": "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.", "cvss": "4.6", "published": "2008-06-23T19:41:00", "modified": "2017-08-08T01:31:21", 
"published-epoch": "1214250060", "modified-epoch": "1502155881", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-06-23T20:56:00", "cvss_created-epoch": "1214254560", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2766", "summary": "The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.", "cvss": "7.5", "published": "2011-09-23T10:55:03", "modified": "2017-08-29T01:29:33", "published-epoch": "1316775303", "modified-epoch": "1503970173", "cwe": "CWE-287", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-09-23T13:33:00", "cvss_created-epoch": "1316784780", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-0448", "summary": "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.", "cvss": "1.2", "published": "2005-05-02T04:00:00", "modified": "2017-10-11T01:29:56", "published-epoch": "1115006400", "modified-epoch": "1507685396", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": 
"PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-07T18:03:00", "cvss_created-epoch": "1118167380", "cvss2_vector": "AV:L/AC:H/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2000-0703", "summary": "suidperl (aka sperl) does not properly cleanse the escape sequence \"~!\" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the \"interactive\" environmental variable and calling suidperl with a filename that contains the escape sequence.", "cvss": "7.2", "published": "2000-10-20T04:00:00", "modified": "2008-09-10T19:05:39", "published-epoch": "972014400", "modified-epoch": "1221073539", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-3626", "summary": "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.", "cvss": "5.0", "published": "2009-10-29T14:30:01", "modified": "2017-08-17T01:31:12", "published-epoch": "1256826601", "modified-epoch": "1502933472", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-10-30T14:44:00", "cvss_created-epoch": "1256913840", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0976", "summary": "Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.", "cvss": "2.1", "published": "2005-02-09T05:00:00", "modified": "2017-10-11T01:29:39", "published-epoch": "1107925200", "modified-epoch": "1507685379", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-3962", "summary": "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.", "cvss": "4.6", "published": "2005-12-01T17:03:00", "modified": "2017-10-11T01:30:29", "published-epoch": "1133456580", "modified-epoch": "1507685429", "cwe": "CWE-189", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-12-01T17:21:00", "cvss_created-epoch": "1133457660", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1667", "summary": "The rehash mechanism in 
Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.", "cvss": "7.5", "published": "2013-03-14T03:13:36", "modified": "2017-09-19T01:36:09", "published-epoch": "1363230816", "modified-epoch": "1505784969", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-03-20T16:52:00", "cvss_created-epoch": "1363798320", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-4278", "summary": "Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.", "cvss": "7.2", "published": "2005-12-16T11:03:00", "modified": "2013-10-24T01:56:09", "published-epoch": "1134730980", "modified-epoch": "1382579769", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-12-16T14:20:00", "cvss_created-epoch": "1134742800", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2728", "summary": "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.", "cvss": "4.3", "published": "2012-12-21T05:46:14", "modified": 
"2013-01-29T05:00:00", "published-epoch": "1356068774", "modified-epoch": "1359435600", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-12-21T14:23:00", "cvss_created-epoch": "1356099780", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-6185", "summary": "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.", "cvss": "4.6", "published": "2016-08-02T14:59:02", "modified": "2017-07-01T01:29:59", "published-epoch": "1470149942", "modified-epoch": "1498872599", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-08-03T17:18:30", "cvss_created-epoch": "1470244710", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": false}, {"vuln": {"cve": "CVE-2011-2939", "summary": "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.", "cvss": "5.1", "published": "2012-01-13T18:55:02", "modified": "2013-10-24T03:32:36", "published-epoch": "1326480902", "modified-epoch": "1382585556", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-01-16T14:07:00", "cvss_created-epoch": "1326722820", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-8608", "summary": "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.", "cvss": "7.5", "published": "2017-02-07T15:59:00", "modified": "2017-08-09T01:29:03", "published-epoch": "1486483140", "modified-epoch": "1502242143", "cwe": "CWE-125", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-28T18:39:22", "cvss_created-epoch": "1488307162", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2005-0155", "summary": "The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.", "cvss": "4.6", "published": "2005-05-02T04:00:00", "modified": "2017-10-11T01:29:52", "published-epoch": "1115006400", "modified-epoch": "1507685392", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-03T16:59:00", "cvss_created-epoch": 
"1117817940", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-1386", "summary": "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.", "cvss": "2.1", "published": "1999-12-31T05:00:00", "modified": "2016-10-18T02:03:55", "published-epoch": "946616400", "modified-epoch": "1476756235", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-2381", "summary": "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.", "cvss": "5.0", "published": "2016-04-08T15:59:05", "modified": "2017-10-20T01:29:09", "published-epoch": "1460131145", "modified-epoch": "1508462949", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-12T18:20:32", "cvss_created-epoch": "1460485232", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "6.5"}, "exact": false}, {"vuln": {"cve": "CVE-2004-2286", "summary": "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large 
multiplier, which may trigger a buffer overflow.", "cvss": "7.5", "published": "2004-12-31T05:00:00", "modified": "2017-07-11T01:31:46", "published-epoch": "1104469200", "modified-epoch": "1499736706", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-08-05T13:40:00", "cvss_created-epoch": "1123249200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["vm"], "homepage": "https://www.perl.org/", "upstream-source": "https://www.cpan.org/src/5.0/perl-5.26.1.tar.xz", "latest-version": "5.26.1", "short_version": "5.18.2-2ubuntu1", "latest_cmp": false, "url": "https://www.cpan.org/src/5.0/perl-5.26.1.tar.xz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "c58b2c4142999079e30006a7bb8ce32b787b7451", "name": "libpopt.so.0.0.0", "timestamp": 1386111323, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libpopt.so.0.0.0"], "type": "native"}], "objects": ["libpopt.so.0.0.0"], "version": "1.16-8ubuntu1", "lib": "popt", "distro_version": "1.16-8ubuntu1", "distro": "ubuntu", "latest_version": "1.16", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["commandline"], "homepage": "http://rpm5.org", "upstream-source": "http://rpm5.org/files/popt/popt-1.16.tar.gz", "latest-version": "1.16", "short_version": "1.16-8ubuntu1", "latest_cmp": true, "url": "http://rpm5.org/files/popt/popt-1.16.tar.gz", "codetype": "Native", "coverity_scan": {"name": "popt", "language": "C/C++", "id": 196, "homepage_url": null, "details": {"loc": 26665, "defect_density": {"comparison": 
0.35, "over_time": [{"2016-03-29": 0.0}], "score": 0.0, "verdict": "low", "loc_range": "less than 100,000"}, "build_date": "2016-03-29", "project_url": "https://scan.coverity.com/projects/popt", "version": "1.17.DEVEL", "cwe": []}, "repo_url": null, "slug": "popt", "mapped-name": "popt"}}, {"extended-objects": [{"confidence": 0.9855769230769231, "sha1": "ad5c532e715ab56b8d4fe6692b717150999e3bf8", "name": "ps", "timestamp": 1423598898, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/ps"], "type": "native"}, {"confidence": 0.967741935483871, "sha1": "610f93901a5eacbacc63f23cdf500ca97807589a", "name": "kill", "timestamp": 1423598898, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/kill"], "type": "native", "source-match": "kill"}, {"confidence": 0.967741935483871, "sha1": "610f93901a5eacbacc63f23cdf500ca97807589a", "name": "skill", "timestamp": 1423598898, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/skill"], "type": "native", "source-match": "kill"}], "objects": ["ps"], "version": "3.3.9-1ubuntu2.2", "lib": "procps", "distro_version": "3.3.9-1ubuntu2.2", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["utility"], "short_version": "3.3.9-1ubuntu2.2", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.8132145705929275, "sha1": "32f4cb4902bd0dd582b66d0bc1e8b9add55caf3b", "name": "python3.4", "timestamp": 1397225715, "binary-type": 
"elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/python3.4"], "type": "native"}, {"confidence": 0.8132145705929275, "sha1": "32f4cb4902bd0dd582b66d0bc1e8b9add55caf3b", "name": "python3.4m", "timestamp": 1397225715, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/python3.4m"], "type": "native"}], "objects": ["python3.4", "python3.4m"], "version": "3.4.0-2ubuntu1", "lib": "python", "distro_version": "3.4.0-2ubuntu1", "distro": "ubuntu", "cpe": ["cpe:/a:python:python:3.4.0-2ubuntu1"], "latest_version": "3.6.4", "vuln-count": {"total": 55, "exact": 7, "historical": 48}, "vulns": [{"vuln": {"cve": "CVE-2016-0772", "summary": "The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"", "cvss": "5.8", "published": "2016-09-02T14:59:00", "modified": "2018-01-05T02:30:30", "published-epoch": "1472828340", "modified-epoch": "1515119430", "cwe": "CWE-693", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-02T18:52:00", "cvss_created-epoch": "1472842320", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", "cvss3_score": "6.5"}, "exact": true, "triage": [{"id": 271, "vuln_id": "CVE-2016-0772", 
"component": "python", "vendor": null, "codetype": "NA", "version": "3.4.0-2ubuntu1", "modified": "2018-03-22T23:20:42.891592", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-2183", "summary": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", "cvss": "5.0", "published": "2016-09-01T00:59:00", "modified": "2018-02-21T15:38:00", "published-epoch": "1472691540", "modified-epoch": "1519227480", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-01T00:59:00", "cvss_created-epoch": "1472691540", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 274, "vuln_id": "CVE-2016-2183", "component": "python", "vendor": null, "codetype": "NA", "version": "3.4.0-2ubuntu1", "modified": "2018-03-22T23:20:42.916061", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-5636", "summary": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have 
unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.", "cvss": "10.0", "published": "2016-09-02T14:59:06", "modified": "2018-01-05T02:31:03", "published-epoch": "1472828346", "modified-epoch": "1515119463", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-02T19:39:54", "cvss_created-epoch": "1472845194", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 265, "vuln_id": "CVE-2016-5636", "component": "python", "vendor": null, "codetype": "NA", "version": "3.4.0-2ubuntu1", "modified": "2018-03-22T23:20:42.847006", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-5699", "summary": "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.", "cvss": "4.3", "published": "2016-09-02T14:59:07", "modified": "2018-01-05T02:31:03", "published-epoch": "1472828347", "modified-epoch": "1515119463", "cwe": "CWE-113", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-02T19:19:47", "cvss_created-epoch": "1472843987", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", 
"cvss3_score": "6.1"}, "exact": true, "triage": [{"id": 280, "vuln_id": "CVE-2016-5699", "component": "python", "vendor": null, "codetype": "NA", "version": "3.4.0-2ubuntu1", "modified": "2018-03-22T23:20:42.961389", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-2667", "summary": "Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.", "cvss": "3.3", "published": "2014-11-16T01:59:01", "modified": "2017-07-01T01:29:05", "published-epoch": "1416103141", "modified-epoch": "1498872545", "cwe": "CWE-362", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-11-17T17:03:58", "cvss_created-epoch": "1416243838", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-4616", "summary": "Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.", "cvss": "4.3", "published": "2017-08-24T20:29:00", "modified": "2018-01-05T02:29:53", "published-epoch": "1503606540", "modified-epoch": "1515119393", 
"cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-29T18:33:59", "cvss_created-epoch": "1514572439", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.9"}, "exact": true, "triage": [{"id": 277, "vuln_id": "CVE-2014-4616", "component": "python", "vendor": null, "codetype": "NA", "version": "3.4.0-2ubuntu1", "modified": "2018-03-22T23:20:42.936229", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-9365", "summary": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", "cvss": "5.8", "published": "2014-12-12T11:59:07", "modified": "2018-01-05T02:29:55", "published-epoch": "1418385547", "modified-epoch": "1515119395", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-01T17:05:20", "cvss_created-epoch": "1478019920", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": 
{"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}, "notes": [{"type": "demoted", "reason": "No TLS certificate verification in stdlib"}]}, {"vuln": {"cve": "CVE-2015-5652", "summary": "Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says \"It was determined that this is a longtime behavior of Python that cannot really be altered at this point.\"", "cvss": "7.2", "published": "2015-10-06T01:59:27", "modified": "2016-11-28T19:35:04", "published-epoch": "1444096767", "modified-epoch": "1480361704", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-15T17:04:21", "cvss_created-epoch": "1479229461", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Non-affected platform", "reason_text": "Vulnerability does not affect this platform.", "type": "platform"}}, {"vuln": {"cve": "CVE-2017-17522", "summary": "** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. 
NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.", "cvss": "6.8", "published": "2017-12-14T16:29:00", "modified": "2017-12-28T19:13:07", "published-epoch": "1513268940", "modified-epoch": "1514488387", "cwe": "CWE-74", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-27T17:25:09", "cvss_created-epoch": "1514395509", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": true, "triage": [{"id": 268, "vuln_id": "CVE-2017-17522", "component": "python", "vendor": null, "codetype": "NA", "version": "3.4.0-2ubuntu1", "modified": "2018-03-22T23:20:42.870643", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-18207", "summary": "** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. 
NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"", "cvss": "4.3", "published": "2018-03-01T05:29:00", "modified": "2018-03-23T15:57:00", "published-epoch": "1519882140", "modified-epoch": "1521820620", "cwe": "CWE-369", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-03-01T05:29:00", "cvss_created-epoch": "1519882140", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "6.5"}, "exact": true}, {"vuln": {"cve": "CVE-2011-1521", "summary": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.", "cvss": "6.4", "published": "2011-05-24T23:55:02", "modified": "2014-02-21T04:41:39", "published-epoch": "1306281302", "modified-epoch": "1392957699", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-05-25T13:28:00", "cvss_created-epoch": "1306330080", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1450", "summary": "Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing 
within the (1) longimagedata or (2) expandrow function.", "cvss": "7.5", "published": "2010-05-27T19:30:01", "modified": "2011-03-01T07:01:54", "published-epoch": "1274988601", "modified-epoch": "1298962914", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-05-28T14:43:00", "cvss_created-epoch": "1275057780", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-4864", "summary": "Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.", "cvss": "7.5", "published": "2008-11-01T00:00:01", "modified": "2017-09-29T01:32:21", "published-epoch": "1225497601", "modified-epoch": "1506648741", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-11-03T18:29:00", "cvss_created-epoch": "1225736940", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-5983", "summary": "Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan 
horse Python file in the current working directory.", "cvss": "6.9", "published": "2009-01-28T02:30:00", "modified": "2013-05-15T02:49:35", "published-epoch": "1233109800", "modified-epoch": "1368586175", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-01-28T17:02:00", "cvss_created-epoch": "1233162120", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-2316", "summary": "Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to \"partial hashlib hashing of data exceeding 4GB.\"", "cvss": "7.5", "published": "2008-08-01T14:41:00", "modified": "2017-08-08T01:30:56", "published-epoch": "1217601660", "modified-epoch": "1502155856", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-08-01T17:45:00", "cvss_created-epoch": "1217612700", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-7338", "summary": "Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.", "cvss": "7.1", "published": "2014-04-22T14:23:34", "modified": "2017-07-01T01:29:04", "published-epoch": 
"1398176614", "modified-epoch": "1498872544", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T19:09:03", "cvss_created-epoch": "1459364943", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0150", "summary": "Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.", "cvss": "7.5", "published": "2004-04-15T04:00:00", "modified": "2017-10-10T01:30:18", "published-epoch": "1082001600", "modified-epoch": "1507599018", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-1542", "summary": "Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a \"stack overflow,\" and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. 
However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.", "cvss": "3.7", "published": "2006-03-30T11:02:00", "modified": "2017-10-19T01:29:04", "published-epoch": "1143716520", "modified-epoch": "1508376544", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-03-31T16:49:00", "cvss_created-epoch": "1143823740", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-3142", "summary": "Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.", "cvss": "7.5", "published": "2008-08-01T14:41:00", "modified": "2017-09-29T01:31:32", "published-epoch": "1217601660", "modified-epoch": "1506648692", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-08-01T19:34:00", "cvss_created-epoch": "1217619240", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, 
"cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-4980", "summary": "Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.", "cvss": "7.5", "published": "2006-10-10T04:06:00", "modified": "2017-10-11T01:31:17", "published-epoch": "1160453160", "modified-epoch": "1507685477", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-10-10T15:01:00", "cvss_created-epoch": "1160492460", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-2089", "summary": "The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.", "cvss": "5.0", "published": "2010-05-27T19:30:01", "modified": "2013-05-15T03:09:45", "published-epoch": "1274988601", "modified-epoch": "1368587385", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-05-28T15:01:00", "cvss_created-epoch": "1275058860", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-3493", "summary": 
"Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.", "cvss": "4.3", "published": "2010-10-19T20:00:04", "modified": "2017-09-19T01:31:24", "published-epoch": "1287518404", "modified-epoch": "1505784684", "cwe": "CWE-362", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-10-20T19:57:00", "cvss_created-epoch": "1287604620", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2018-1000030", "summary": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. 
The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", "cvss": "6.8", "published": "2018-02-08T17:29:00", "modified": "2018-03-10T15:12:00", "published-epoch": "1518110940", "modified-epoch": "1520694720", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-08T17:29:00", "cvss_created-epoch": "1518110940", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.1"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1721", "summary": "Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.", "cvss": "7.5", "published": "2008-04-10T19:05:00", "modified": "2017-09-29T01:30:50", "published-epoch": "1207854300", "modified-epoch": "1506648650", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-04-10T19:13:00", "cvss_created-epoch": "1207854780", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-3144", "summary": "Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier 
allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.", "cvss": "5.0", "published": "2008-08-01T14:41:00", "modified": "2017-09-29T01:31:32", "published-epoch": "1217601660", "modified-epoch": "1506648692", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-08-04T13:30:00", "cvss_created-epoch": "1217856600", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0845", "summary": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.", "cvss": "5.0", "published": "2012-10-05T21:55:01", "modified": "2013-10-31T03:23:20", "published-epoch": "1349474101", "modified-epoch": "1383189800", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-10-08T14:32:00", "cvss_created-epoch": "1349706720", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-1150", "summary": "Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash 
values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.", "cvss": "5.0", "published": "2012-10-05T21:55:01", "modified": "2013-10-31T03:23:46", "published-epoch": "1349474101", "modified-epoch": "1383189826", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-10-08T14:43:00", "cvss_created-epoch": "1349707380", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-2099", "summary": "Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.", "cvss": "4.3", "published": "2013-10-09T14:53:20", "modified": "2016-06-09T01:59:01", "published-epoch": "1381330400", "modified-epoch": "1465437541", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-20T15:29:40", "cvss_created-epoch": "1448033380", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-3143", "summary": "Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via 
vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by \"checks for integer overflows, contributed by Google.\"", "cvss": "7.5", "published": "2008-08-01T14:41:00", "modified": "2017-09-29T01:31:32", "published-epoch": "1217601660", "modified-epoch": "1506648692", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-08-04T13:20:00", "cvss_created-epoch": "1217856000", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4238", "summary": "The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "cvss": "4.3", "published": "2013-08-18T02:52:22", "modified": "2014-12-12T02:59:45", "published-epoch": "1376794342", "modified-epoch": "1418353185", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": 
"2013-10-23T14:29:18", "cvss_created-epoch": "1382538558", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-5031", "summary": "Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.", "cvss": "10.0", "published": "2008-11-10T16:15:12", "modified": "2017-09-29T01:32:26", "published-epoch": "1226333712", "modified-epoch": "1506648746", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-11-11T16:36:00", "cvss_created-epoch": "1226421360", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-7185", "summary": "Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function.", "cvss": "6.4", "published": "2014-10-08T17:55:05", "modified": "2018-01-05T02:29:53", "published-epoch": "1412790905", "modified-epoch": "1515119393", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T18:42:05", "cvss_created-epoch": 
"1459363325", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-7040", "summary": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", "cvss": "4.3", "published": "2014-05-19T14:55:09", "modified": "2016-11-28T19:10:02", "published-epoch": "1400511309", "modified-epoch": "1480360202", "cwe": "CWE-310", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T19:09:53", "cvss_created-epoch": "1459364993", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-7440", "summary": "The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.", "cvss": "4.3", "published": "2016-06-07T18:59:00", "modified": "2016-11-28T19:10:14", "published-epoch": "1465325940", "modified-epoch": "1480360214", "cwe": "CWE-19", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-06-08T12:28:14", "cvss_created-epoch": "1465388894", "cvss2_vector": 
"AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "5.9"}, "exact": false}, {"vuln": {"cve": "CVE-2008-4108", "summary": "Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.", "cvss": "7.2", "published": "2008-09-18T17:59:33", "modified": "2017-08-08T01:32:25", "published-epoch": "1221760773", "modified-epoch": "1502155945", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-09-19T13:09:00", "cvss_created-epoch": "1221829740", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4965", "summary": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.", "cvss": "5.8", "published": "2007-09-18T22:17:00", "modified": "2017-09-29T01:29:26", "published-epoch": "1190153820", "modified-epoch": "1506648566", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-09-20T19:35:00", 
"cvss_created-epoch": "1190316900", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-2135", "summary": "The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.", "cvss": "6.4", "published": "2012-08-14T22:55:01", "modified": "2013-05-15T03:25:59", "published-epoch": "1344984901", "modified-epoch": "1368588359", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-08-15T14:06:00", "cvss_created-epoch": "1345039560", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-0089", "summary": "The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.", "cvss": "7.5", "published": "2005-05-02T04:00:00", "modified": "2017-10-11T01:29:50", "published-epoch": "1115006400", "modified-epoch": "1507685390", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-03T02:54:00", "cvss_created-epoch": "1117767240", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4940", "summary": "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.", "cvss": "2.6", "published": "2012-06-27T10:18:36", "modified": "2013-05-15T03:22:23", "published-epoch": "1340792316", "modified-epoch": "1368588143", "cwe": "CWE-79", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-06-27T21:22:00", "cvss_created-epoch": "1340832120", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-4134", "summary": "Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.", "cvss": "5.0", "published": "2010-05-27T19:30:01", "modified": "2011-03-01T06:57:11", "published-epoch": "1274988601", "modified-epoch": "1298962631", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-05-28T13:45:00", "cvss_created-epoch": "1275054300", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": 
"CVE-2007-2052", "summary": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.", "cvss": "5.0", "published": "2007-04-16T22:19:00", "modified": "2017-10-11T01:32:05", "published-epoch": "1176761940", "modified-epoch": "1507685525", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-04-18T14:05:00", "cvss_created-epoch": "1176905100", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-1000158", "summary": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", "cvss": "7.5", "published": "2017-11-17T05:29:00", "modified": "2018-02-04T02:29:02", "published-epoch": "1510896540", "modified-epoch": "1517711342", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-01T20:12:37", "cvss_created-epoch": "1512159157", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1634", "summary": "Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow 
context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.", "cvss": "5.0", "published": "2010-05-27T19:30:01", "modified": "2013-05-15T03:08:53", "published-epoch": "1274988601", "modified-epoch": "1368587333", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-05-28T14:47:00", "cvss_created-epoch": "1275058020", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-1657", "summary": "Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.", "cvss": "7.5", "published": "2007-03-24T01:19:00", "modified": "2008-11-13T06:35:44", "published-epoch": "1174699140", "modified-epoch": "1226558144", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-03-27T00:42:00", "cvss_created-epoch": "1174956120", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1449", "summary": "Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.", "cvss": "7.5", "published": "2010-05-27T19:30:01", "modified": "2011-03-01T07:01:54", "published-epoch": "1274988601", "modified-epoch": "1298962914", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-05-28T14:40:00", "cvss_created-epoch": "1275057600", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1015", "summary": "The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.", "cvss": "5.0", "published": "2011-05-09T22:55:01", "modified": "2013-05-15T03:16:47", "published-epoch": "1304981701", "modified-epoch": "1368587807", "cwe": "CWE-200", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-05-10T17:42:00", "cvss_created-epoch": "1305049320", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-2315", "summary": "Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. 
NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.", "cvss": "7.5", "published": "2008-08-01T14:41:00", "modified": "2017-09-29T01:31:06", "published-epoch": "1217601660", "modified-epoch": "1506648666", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-08-01T17:26:00", "cvss_created-epoch": "1217611560", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1887", "summary": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.", "cvss": "9.3", "published": "2008-04-18T17:05:00", "modified": "2017-09-29T01:30:55", "published-epoch": "1208538300", "modified-epoch": "1506648655", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-04-21T15:39:00", "cvss_created-epoch": "1208792340", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1679", "summary": "Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. 
NOTE: this issue is due to an incomplete fix for CVE-2007-4965.", "cvss": "6.8", "published": "2008-04-22T04:41:00", "modified": "2017-09-29T01:30:49", "published-epoch": "1208839260", "modified-epoch": "1506648649", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-04-22T13:11:00", "cvss_created-epoch": "1208869860", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-1912", "summary": "Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.", "cvss": "7.5", "published": "2014-03-01T00:55:05", "modified": "2018-01-05T02:29:49", "published-epoch": "1393635305", "modified-epoch": "1515119389", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T18:44:45", "cvss_created-epoch": "1459363485", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4559", "summary": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "cvss": "6.8", "published": "2007-08-28T01:17:00", "modified": "2011-03-08T02:58:46", "published-epoch": "1188263820", "modified-epoch": "1299553126", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-08-28T16:07:00", "cvss_created-epoch": "1188317220", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-3492", "summary": "The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.", "cvss": "5.0", "published": "2010-10-19T20:00:04", "modified": "2017-09-19T01:31:24", "published-epoch": "1287518404", "modified-epoch": "1505784684", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-10-20T19:24:00", "cvss_created-epoch": "1287602640", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-1494", "summary": "The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.", "cvss": "5.0", "published": 
"2016-01-13T15:59:02", "modified": "2016-12-20T02:59:19", "published-epoch": "1452700742", "modified-epoch": "1482202759", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-01-15T03:56:34", "cvss_created-epoch": "1452830194", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3_score": "5.3"}, "exact": false}, {"vuln": {"cve": "CVE-2002-1119", "summary": "os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.", "cvss": "4.6", "published": "2002-10-04T04:00:00", "modified": "2016-10-18T02:23:50", "published-epoch": "1033704000", "modified-epoch": "1476757430", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4944", "summary": "Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.", "cvss": "1.9", "published": "2012-08-27T23:55:01", "modified": "2013-10-31T03:21:29", "published-epoch": "1346111701", "modified-epoch": "1383189689", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-08-28T15:54:00", "cvss_created-epoch": "1346169240", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["vm"], "homepage": "https://www.python.org/", "upstream-source": "https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tar.xz", "latest-version": "3.6.4", "short_version": "3.4.0-2ubuntu1", "latest_cmp": false, "url": "https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tar.xz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "f369f7b7276d0cc92f7ed0e662ba0b623a4b97f2", "name": "libreadline.so.6.3", "timestamp": 1396041318, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libreadline.so.6.3"], "type": "native"}], "objects": ["libreadline.so.6.3", "bash"], "version": "6.3-4ubuntu2", "lib": "readline", "distro_version": "6.3-4ubuntu2", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:readline:6.3-4ubuntu2"], "latest_version": "7.0.3", "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2014-2524", "summary": "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.", "cvss": "3.3", "published": "2014-08-20T14:55:05", "modified": "2016-09-07T15:20:59", "published-epoch": "1408546505", "modified-epoch": "1473261659", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", 
"cvss_created": "2016-09-07T14:09:47", "cvss_created-epoch": "1473257387", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}], "tags": ["utility"], "homepage": "https://tiswww.case.edu/php/chet/readline/rltop.html", "upstream-source": "https://ftp.gnu.org/gnu/readline/readline-7.0.tar.gz", "latest-version": "7.0.3", "short_version": "6.3-4ubuntu2", "latest_cmp": false, "url": "https://ftp.gnu.org/gnu/readline/readline-7.0.tar.gz", "codetype": "Native", "coverity_scan": {"name": "readline", "language": "C/C++", "id": 6279, "homepage_url": "https://github.com/thypon/readline", "details": {"loc": null, "defect_density": null, "build_date": null, "project_url": "https://scan.coverity.com/projects/readline", "version": null, "cwe": []}, "repo_url": "https://github.com/thypon/readline", "slug": "readline", "mapped-name": "readline"}}, {"extended-objects": [{"confidence": 1.0, "sha1": "8e3aa19fdc42e87659746f6dc8ea3af74ab30362", "name": "bash", "timestamp": 1412709732, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/bash"], "type": "native", "source-match": "6"}], "objects": ["libreadline.so.6.3", "bash"], "version": null, "lib": "readline", "distro_version": null, "distro": "ubuntu", "cpe": ["cpe:/a:gnu:readline:"], "latest_version": "7.0.3", "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2014-2524", "summary": "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.", "cvss": "3.3", "published": "2014-08-20T14:55:05", "modified": 
"2016-09-07T15:20:59", "published-epoch": "1408546505", "modified-epoch": "1473261659", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-07T14:09:47", "cvss_created-epoch": "1473257387", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["utility"], "homepage": "https://tiswww.case.edu/php/chet/readline/rltop.html", "upstream-source": "https://ftp.gnu.org/gnu/readline/readline-7.0.tar.gz", "latest-version": "7.0.3", "short_version": "", "latest_cmp": null, "url": "https://ftp.gnu.org/gnu/readline/readline-7.0.tar.gz", "codetype": "Native", "coverity_scan": {"name": "readline", "language": "C/C++", "id": 6279, "homepage_url": "https://github.com/thypon/readline", "details": {"loc": null, "defect_density": null, "build_date": null, "project_url": "https://scan.coverity.com/projects/readline", "version": null, "cwe": []}, "repo_url": "https://github.com/thypon/readline", "slug": "readline", "mapped-name": "readline"}}, {"extended-objects": [{"confidence": 0.8907741251325557, "sha1": "a986c72bbfe8b87c9698115022f55b8e2c8598cf", "name": "rsync", "timestamp": 1397754770, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/bin/rsync"], "type": "native"}], "objects": ["rsync"], "version": "3.1.0-2ubuntu0.1", "lib": "rsync", "distro_version": "3.1.0-2ubuntu0.1", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:rsync:3.1.0-2ubuntu0.1", "cpe:/a:redhat:rsync:3.1.0-2ubuntu0.1", "cpe:/a:samba:rsync:3.1.0-2ubuntu0.1"], "latest_version": "3.1.3", "vuln-count": {"total": 19, "exact": 4, "historical": 15}, 
"vulns": [{"vuln": {"cve": "CVE-2018-5764", "summary": "The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.", "cvss": "5.0", "published": "2018-01-17T22:29:00", "modified": "2018-02-04T02:29:25", "published-epoch": "1516228140", "modified-epoch": "1517711365", "cwe": "CWE-254", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-02T13:08:13", "cvss_created-epoch": "1517576893", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 309, "vuln_id": "CVE-2018-5764", "component": "rsync", "vendor": null, "codetype": "NA", "version": "3.1.0-2ubuntu0.1", "modified": "2018-03-22T23:20:43.242305", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2014-2855", "summary": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.", "cvss": "7.8", "published": "2014-04-23T15:55:04", "modified": "2017-12-16T02:29:06", "published-epoch": "1398268504", "modified-epoch": "1513391346", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-11-02T17:53:02", 
"cvss_created-epoch": "1446486782", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2017-15994", "summary": "rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.", "cvss": "7.5", "published": "2017-10-29T06:29:01", "modified": "2017-12-21T02:29:03", "published-epoch": "1509258541", "modified-epoch": "1513823343", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-17T16:23:25", "cvss_created-epoch": "1510935805", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 307, "vuln_id": "CVE-2017-15994", "component": "rsync", "vendor": null, "codetype": "NA", "version": "3.1.0-2ubuntu0.1", "modified": "2018-03-22T23:20:43.223003", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-17433", "summary": "The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access 
restrictions.", "cvss": "7.5", "published": "2017-12-06T03:29:00", "modified": "2018-02-04T02:29:17", "published-epoch": "1512530940", "modified-epoch": "1517711357", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-19T18:53:45", "cvss_created-epoch": "1513709625", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 305, "vuln_id": "CVE-2017-17433", "component": "rsync", "vendor": null, "codetype": "NA", "version": "3.1.0-2ubuntu0.1", "modified": "2018-03-22T23:20:43.198135", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-17434", "summary": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.", "cvss": "7.5", "published": "2017-12-06T03:29:00", "modified": "2018-02-04T02:29:17", "published-epoch": "1512530940", "modified-epoch": "1517711357", "cwe": "CWE-284", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-19T19:14:45", "cvss_created-epoch": "1513710885", 
"cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 302, "vuln_id": "CVE-2017-17434", "component": "rsync", "vendor": null, "codetype": "NA", "version": "3.1.0-2ubuntu0.1", "modified": "2018-03-22T23:20:43.175151", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-16548", "summary": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.", "cvss": "7.5", "published": "2017-11-06T05:29:00", "modified": "2018-03-16T01:29:00", "published-epoch": "1509946140", "modified-epoch": "1521163740", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-06T05:29:00", "cvss_created-epoch": "1509946140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2006-2083", "summary": "Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.", "cvss": "7.5", "published": "2006-04-28T21:02:00", "modified": "2017-07-20T01:31:10", "published-epoch": "1146258120", "modified-epoch": "1500514270", "cwe": null, "cvss_access_vector": 
"NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-04-30T21:19:00", "cvss_created-epoch": "1146431940", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0792", "summary": "Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.", "cvss": "6.4", "published": "2004-10-20T04:00:00", "modified": "2017-10-11T01:29:34", "published-epoch": "1098244800", "modified-epoch": "1507685374", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4091", "summary": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.", "cvss": "6.8", "published": "2007-08-16T00:17:00", "modified": "2017-07-29T01:32:42", "published-epoch": "1187223420", "modified-epoch": "1501291962", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-08-16T08:45:00", "cvss_created-epoch": "1187253900", "cvss2_vector": 
"AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0048", "summary": "Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.", "cvss": "10.0", "published": "2002-02-27T05:00:00", "modified": "2016-10-18T02:15:34", "published-epoch": "1014786000", "modified-epoch": "1476756934", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-0473", "summary": "The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.", "cvss": "2.1", "published": "1999-04-07T04:00:00", "modified": "2008-09-09T12:34:37", "published-epoch": "923457600", "modified-epoch": "1220963677", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0962", "summary": "Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.", 
"cvss": "7.5", "published": "2003-12-15T05:00:00", "modified": "2017-07-11T01:29:38", "published-epoch": "1071464400", "modified-epoch": "1499736578", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-9512", "summary": "rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.", "cvss": "6.4", "published": "2015-02-12T16:59:01", "modified": "2017-09-10T01:29:00", "published-epoch": "1423760341", "modified-epoch": "1505006940", "cwe": "CWE-59", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-20T17:31:25", "cvss_created-epoch": "1476984685", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-6199", "summary": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.", "cvss": "9.3", "published": "2007-12-01T06:46:00", "modified": "2017-01-07T02:59:00", "published-epoch": "1196491560", "modified-epoch": "1483757940", "cwe": "CWE-16", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": 
"COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-12-03T15:06:00", "cvss_created-epoch": "1196694360", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0080", "summary": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.", "cvss": "2.1", "published": "2002-03-15T05:00:00", "modified": "2008-09-05T20:27:07", "published-epoch": "1016168400", "modified-epoch": "1220646427", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0426", "summary": "rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.", "cvss": "5.0", "published": "2004-07-07T04:00:00", "modified": "2017-10-11T01:29:26", "published-epoch": "1089172800", "modified-epoch": "1507685366", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-6200", 
"summary": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.", "cvss": "10.0", "published": "2007-12-01T06:46:00", "modified": "2011-08-24T02:41:35", "published-epoch": "1196491560", "modified-epoch": "1314153695", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-12-03T16:04:00", "cvss_created-epoch": "1196697840", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1097", "summary": "rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.", "cvss": "5.1", "published": "2011-03-30T22:55:01", "modified": "2014-02-21T04:40:52", "published-epoch": "1301525701", "modified-epoch": "1392957652", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-03-31T13:08:00", "cvss_created-epoch": "1301576880", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1720", "summary": "Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown 
vectors.", "cvss": "7.5", "published": "2008-04-10T19:05:00", "modified": "2017-08-08T01:30:23", "published-epoch": "1207854300", "modified-epoch": "1502155823", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-04-10T19:15:00", "cvss_created-epoch": "1207854900", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["client", "protocol", "server"], "homepage": "https://rsync.samba.org/", "upstream-source": "https://rsync.samba.org/ftp/rsync/rsync-3.1.3.tar.gz", "latest-version": "3.1.3", "short_version": "3.1.0-2ubuntu0.1", "latest_cmp": false, "url": "https://rsync.samba.org/ftp/rsync/rsync-3.1.3.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.6, "sha1": "74a5798b3953ee29bde1bb2022af414e361a812e", "name": "imuxsock.so", "timestamp": 1421355944, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/rsyslog/imuxsock.so"], "type": "native"}, {"confidence": 0.7634408602150538, "sha1": "b1c259538a8cf04b94c03eb03b86c53b09afcac6", "name": "rsyslogd", "timestamp": 1421355944, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/rsyslogd"], "type": "native"}], "objects": ["imuxsock.so", "rsyslogd"], "version": "7.4.4-1ubuntu2.6", "lib": "rsyslog", "distro_version": "7.4.4-1ubuntu2.6", "distro": "ubuntu", "cpe": ["cpe:/a:rsyslog:rsyslog:7.4.4-1ubuntu2.6"], "latest_version": "7.4.5", "vuln-count": {"total": 9, "exact": 0, "historical": 9}, 
"vulns": [{"vuln": {"cve": "CVE-2011-3200", "summary": "Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.", "cvss": "5.0", "published": "2011-09-06T16:55:10", "modified": "2011-09-23T03:34:33", "published-epoch": "1315328110", "modified-epoch": "1316748873", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-09-06T19:23:00", "cvss_created-epoch": "1315336980", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-4623", "summary": "Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.", "cvss": "2.1", "published": "2012-09-25T23:55:01", "modified": "2012-09-26T04:00:00", "published-epoch": "1348617301", "modified-epoch": "1348632000", "cwe": "CWE-189", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-09-26T15:43:00", "cvss_created-epoch": "1348674180", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3683", "summary": "Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows 
remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.", "cvss": "5.0", "published": "2014-11-02T00:55:05", "modified": "2016-10-18T03:44:14", "published-epoch": "1414889705", "modified-epoch": "1476762254", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-11-04T01:20:20", "cvss_created-epoch": "1415064020", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-3243", "summary": "rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.", "cvss": "2.1", "published": "2017-07-25T18:29:00", "modified": "2017-07-31T19:07:11", "published-epoch": "1501007340", "modified-epoch": "1501528031", "cwe": "CWE-532", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-28T15:28:55", "cvss_created-epoch": "1501255735", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.5"}, "exact": false}, {"vuln": {"cve": "CVE-2014-3634", "summary": "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.", "cvss": "7.5", "published": "2014-11-02T00:55:05", "modified": 
"2016-10-18T03:44:09", "published-epoch": "1414889705", "modified-epoch": "1476762249", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-11-04T01:22:32", "cvss_created-epoch": "1415064152", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-4758", "summary": "Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.", "cvss": "6.8", "published": "2013-10-04T17:55:09", "modified": "2013-10-07T14:29:11", "published-epoch": "1380909309", "modified-epoch": "1381156151", "cwe": "CWE-399", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-07T09:56:38", "cvss_created-epoch": "1381139798", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-5618", "summary": "imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.", "cvss": "5.0", "published": "2008-12-17T02:30:00", "modified": "2008-12-17T05:00:00", "published-epoch": "1229481000", "modified-epoch": "1229490000", "cwe": null, 
"cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-12-17T18:36:00", "cvss_created-epoch": "1229538960", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-12588", "summary": "The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.", "cvss": "7.5", "published": "2017-08-06T14:29:00", "modified": "2017-08-14T11:15:23", "published-epoch": "1502029740", "modified-epoch": "1502709323", "cwe": "CWE-134", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-11T20:29:57", "cvss_created-epoch": "1502483397", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2008-5617", "summary": "The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.", "cvss": "8.5", "published": "2008-12-17T02:30:00", "modified": "2017-08-08T01:33:25", "published-epoch": "1229481000", "modified-epoch": "1502156005", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "COMPLETE", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2008-12-17T18:42:00", "cvss_created-epoch": "1229539320", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["system"], "homepage": "https://www.rsyslog.com/", "upstream-source": "https://www.rsyslog.com/files/download/rsyslog/rsyslog-7.4.5.tar.gz", "latest-version": "7.4.5", "short_version": "7.4.4-1ubuntu2.6", "latest_cmp": false, "url": "https://www.rsyslog.com/files/download/rsyslog/rsyslog-7.4.5.tar.gz", "codetype": "Native", "coverity_scan": {"name": "rsyslog/rsyslog", "language": "C/C++", "id": 2580, "homepage_url": "http://www.rsyslog.com", "details": {"loc": 149286, "defect_density": {"comparison": 0.5, "over_time": [{"2018-03-01": 0.01, "2018-01-01": 0.02, "2017-11-01": 0.36, "2017-12-01": 0.04, "2017-10-01": 0.97, "2018-02-01": 0.01}], "score": 0.01, "verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2018-03-22", "project_url": "https://scan.coverity.com/projects/rsyslog-rsyslog", "version": "master\\ branch\\ head", "cwe": [{"name": "Use of Potentially Dangerous Function", "defect_count": 1, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": "https://github.com/rsyslog/rsyslog.git", "slug": "rsyslog-rsyslog", "mapped-name": "rsyslog"}}, {"extended-objects": [{"confidence": 1.0, "sha1": "4a3e0883c7f16d323b48d3f392ecd6b077bdbe4e", "name": "librtmp.so.0", "timestamp": 1367514296, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "2221896a52bebb37388696682480d2288b6387f21ab7b1ae310c89fb75230032/layer.tar", "usr/lib/x86_64-linux-gnu/librtmp.so.0"], "type": "native"}], "objects": ["librtmp.so.0"], "version": "2.4+20121230.gitdf6c518-1", "lib": "rtmpdump", "distro_version": "2.4+20121230.gitdf6c518-1", "distro": "ubuntu", "latest_version": "2.4+20151223", "vuln-count": {"total": 3, "exact": 3, "historical": 0}, "vulns": [{"vuln": {"cve": "CVE-2015-8270", 
"summary": "The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).", "cvss": "5.0", "published": "2017-04-13T14:59:00", "modified": "2017-11-04T01:29:12", "published-epoch": "1492095540", "modified-epoch": "1509758952", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-04-20T00:40:05", "cvss_created-epoch": "1492648805", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 257, "vuln_id": "CVE-2015-8270", "component": "rtmpdump", "vendor": null, "codetype": "NA", "version": "2.4+20121230.gitdf6c518-1", "modified": "2018-03-22T23:19:37.591694", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8271", "summary": "The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.", "cvss": "7.5", "published": "2017-04-13T14:59:01", "modified": "2017-11-04T01:29:12", "published-epoch": "1492095541", "modified-epoch": "1509758952", "cwe": "CWE-123", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-04-20T00:38:11", "cvss_created-epoch": "1492648691", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, 
"triage": [{"id": 254, "vuln_id": "CVE-2015-8271", "component": "rtmpdump", "vendor": null, "codetype": "NA", "version": "2.4+20121230.gitdf6c518-1", "modified": "2018-03-22T23:19:37.568648", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-8272", "summary": "RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).", "cvss": "4.3", "published": "2017-04-13T14:59:01", "modified": "2017-11-04T01:29:12", "published-epoch": "1492095541", "modified-epoch": "1509758952", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-04-19T18:15:15", "cvss_created-epoch": "1492625715", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "6.5"}, "exact": true, "triage": [{"id": 259, "vuln_id": "CVE-2015-8272", "component": "rtmpdump", "vendor": null, "codetype": "NA", "version": "2.4+20121230.gitdf6c518-1", "modified": "2018-03-22T23:19:37.620444", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}], "tags": ["audio", "protocol", "video"], "homepage": "https://rtmpdump.mplayerhq.hu/", "upstream-source": "https://mirrors.ocf.berkeley.edu/debian/pool/main/r/rtmpdump/rtmpdump_2.4+20151223.gitfa8646d.1.orig.tar.gz", "latest-version": "2.4+20151223", "short_version": "2.4+20121230.gitdf6c518-1", "latest_cmp": false, "url": 
"https://mirrors.ocf.berkeley.edu/debian/pool/main/r/rtmpdump/rtmpdump_2.4+20151223.gitfa8646d.1.orig.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9571428571428572, "sha1": "1892c906fc5208a501f934d61fbd2e5ad9ab2fe0", "name": "sed", "timestamp": 1392291482, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/sed"], "type": "native"}], "objects": ["sed"], "version": "4.2.2-4ubuntu1", "lib": "sed", "distro_version": "4.2.2-4ubuntu1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["utility"], "short_version": "4.2.2-4ubuntu1", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9849624060150376, "sha1": "1457c85b30c83cb6faba31862cb012435172719c", "name": "libselinux.so.1", "timestamp": 1398778445, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libselinux.so.1"], "type": "native"}], "objects": ["libselinux.so.1"], "version": "2.2.2-1ubuntu0.1", "lib": "selinux", "distro_version": "2.2.2-1ubuntu0.1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 2, "exact": 2, "historical": 0}, "vulns": [{"vuln": {"cve": "CVE-2018-1063", "summary": "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). 
The issue was found in policycoreutils 2.5-11.", "cvss": "3.3", "published": "2018-03-02T15:29:00", "modified": "2018-03-22T14:30:00", "published-epoch": "1520004540", "modified-epoch": "1521729000", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-03-02T15:29:00", "cvss_created-epoch": "1520004540", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "4.4"}, "exact": true, "timestamp-objects": ["libselinux.so.1"]}, {"vuln": {"cve": "CVE-2015-3170", "summary": "selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.", "cvss": "2.1", "published": "2017-07-21T14:29:00", "modified": "2017-07-26T20:03:13", "published-epoch": "1500647340", "modified-epoch": "1501099393", "cwe": "CWE-254", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-25T16:43:47", "cvss_created-epoch": "1501001027", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": true, "timestamp-objects": ["libselinux.so.1"]}], "tags": ["acl"], "homepage": "http://selinuxproject.org/", "short_version": "2.2.2-1ubuntu0.1", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.4931506849315068, "sha1": "9467afd3bbb6fbcc376712a5c1c3bfe2ba6abf74", "name": "chage", "timestamp": 1392604972, "binary-type": "unknown", 
"matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/chage"], "type": "native"}, {"confidence": 0.5068493150684932, "sha1": "cb2ece8cfb9499fce8868ac7ce201f4fb32e7d3a", "name": "gpasswd", "timestamp": 1392604972, "binary-type": "unknown", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/gpasswd"], "type": "native"}, {"confidence": 0.2054794520547945, "sha1": "51bb78c6498877146c6905ba866f5f3fc6d34612", "name": "cppw", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/cppw"], "type": "native"}, {"confidence": 0.3835616438356164, "sha1": "23bbf3bdcf2379ff8dcb961b2604f5469fcb94f2", "name": "grpunconv", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/grpunconv"], "type": "native"}, {"confidence": 0.3972602739726027, "sha1": "1f5be3e4ec7b5513c83d009f4408b323262dce1f", "name": "groupmod", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/groupmod"], "type": "native"}, {"confidence": 0.3835616438356164, "sha1": "8d1fe35513cd533c88446ebe52dff1e87c507be2", "name": "pwunconv", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/pwunconv"], 
"type": "native"}, {"confidence": 0.3835616438356164, "sha1": "c999b502fdfaf6a3179e5f005c1c42ba467c2bf5", "name": "chgpasswd", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/chgpasswd"], "type": "native"}, {"confidence": 0.3698630136986301, "sha1": "421fc79d64d4dae157f8964b6a4196ced9cd09d0", "name": "grpck", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/grpck"], "type": "native"}, {"confidence": 0.4383561643835616, "sha1": "7211c993029089fe1819521e9c95a19f2df90c77", "name": "usermod", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/usermod"], "type": "native"}, {"confidence": 0.3561643835616438, "sha1": "042b80fcaa9b31dfd423dbdce5366492822d7508", "name": "groupdel", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/groupdel"], "type": "native"}, {"confidence": 0.3835616438356164, "sha1": "d64aaf1ae152b600f38cc4094319f7f226b0eeb8", "name": "pwck", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/pwck"], "type": "native"}, {"confidence": 0.3835616438356164, "sha1": "d2a86fd475334193a1514603b51ac2cc053d70d9", "name": "groupadd", 
"timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/groupadd"], "type": "native"}, {"confidence": 0.863013698630137, "sha1": "7aee036e13551432141e8e91df6b6eba2f728096", "name": "passwd", "timestamp": 1392604972, "binary-type": "unknown", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/passwd"], "type": "native"}, {"confidence": 0.3150684931506849, "sha1": "7991d25024ae33aa6337c6d08988f4b1b5644206", "name": "vipw", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/vipw"], "type": "native"}, {"confidence": 0.3835616438356164, "sha1": "458a8c062ee56fe9bd51aaeb38a74c5c3bd8b007", "name": "pwconv", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/pwconv"], "type": "native"}, {"confidence": 0.410958904109589, "sha1": "b3a0a6827c2980c455529102e2ed20a01722584e", "name": "userdel", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/userdel"], "type": "native"}, {"confidence": 0.5616438356164384, "sha1": "63048708ec4af127a0860eccca42b3b97d1e7acd", "name": "chfn", "timestamp": 1392604972, "binary-type": "unknown", "matching-method": "signature", "fullpath": ["whalesay.tar", 
"cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/chfn"], "type": "native"}, {"confidence": 0.4246575342465753, "sha1": "ef5dccc4ac3cd70b4f5682e9e88be0a675ade746", "name": "useradd", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/useradd"], "type": "native"}, {"confidence": 0.3835616438356164, "sha1": "cef107059a0bf97982690a8e96447e57572edb32", "name": "chpasswd", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/chpasswd"], "type": "native"}, {"confidence": 0.5616438356164384, "sha1": "8ab8adf739b1d1f8156f98fa5ee3b28e9e699d52", "name": "chsh", "timestamp": 1392604972, "binary-type": "unknown", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/chsh"], "type": "native"}, {"confidence": 0.3972602739726027, "sha1": "f19f3042ed34ec2ce7705c1733fd6b61d6fb6473", "name": "newusers", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/newusers"], "type": "native"}, {"confidence": 0.3835616438356164, "sha1": "7e3e46ee01a726d9ffe3eed3ff3079214cdacfc5", "name": "grpconv", "timestamp": 1392604972, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/grpconv"], "type": "native"}], "objects": ["chage", "gpasswd", "cppw", 
"grpunconv", "groupmod", "pwunconv", "chgpasswd", "grpck", "usermod", "groupdel", "pwck", "groupadd", "passwd", "vipw", "pwconv", "userdel", "chfn", "useradd", "chpasswd", "chsh", "newusers", "grpconv"], "version": "4.1.5.1-1ubuntu9", "lib": "shadow", "distro_version": "4.1.5.1-1ubuntu9", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 5, "exact": 3, "historical": 2}, "vulns": [{"vuln": {"cve": "CVE-2017-12424", "summary": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", "cvss": "7.5", "published": "2017-08-04T09:29:00", "modified": "2017-10-17T01:29:00", "published-epoch": "1501838940", "modified-epoch": "1508203740", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-10T19:03:42", "cvss_created-epoch": "1502391822", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 253, "vuln_id": "CVE-2017-12424", "component": "shadow", "vendor": null, "codetype": "NA", "version": "4.1.5.1-1ubuntu9", "modified": "2018-03-22T23:19:37.566083", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2011-0721", "summary": "Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in 
shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.", "cvss": "6.4", "published": "2011-02-19T01:00:03", "modified": "2017-08-17T01:33:42", "published-epoch": "1298077203", "modified-epoch": "1502933622", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-02-21T20:50:00", "cvss_created-epoch": "1298321400", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2016-6252", "summary": "Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.", "cvss": "4.6", "published": "2017-02-17T17:59:00", "modified": "2017-11-04T01:29:21", "published-epoch": "1487354340", "modified-epoch": "1509758961", "cwe": "CWE-190", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-21T18:46:47", "cvss_created-epoch": "1487702807", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "timestamp-objects": ["chage"], "triage": [{"id": 256, "vuln_id": "CVE-2016-6252", "component": "shadow", "vendor": null, "codetype": "NA", "version": "4.1.5.1-1ubuntu9", "modified": "2018-03-22T23:19:37.591586", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-7169", "summary": "An issue was discovered in shadow 
4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", "cvss": "5.0", "published": "2018-02-15T20:29:00", "modified": "2018-03-14T13:37:00", "published-epoch": "1518726540", "modified-epoch": "1521034620", "cwe": "CWE-254", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-15T20:29:00", "cvss_created-epoch": "1518726540", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "5.3"}, "exact": true, "timestamp-objects": ["chage"]}, {"vuln": {"cve": "CVE-2008-5394", "summary": "/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.", "cvss": "7.2", "published": "2008-12-09T00:30:00", "modified": "2017-09-29T01:32:37", "published-epoch": "1228782600", "modified-epoch": "1506648757", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-12-09T18:26:00", "cvss_created-epoch": "1228847160", "cvss2_vector": 
"AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["authentication"], "short_version": "4.1.5.1-1ubuntu9", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "ce968689b64480c713bf36bf6b92c55e8d45d554", "name": "libslang.so.2.2.4", "timestamp": 1344004957, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libslang.so.2.2.4"], "type": "native"}], "objects": ["libslang.so.2.2.4"], "version": "2.2.4-15ubuntu1", "lib": "slang", "distro_version": "2.2.4-15ubuntu1", "distro": "ubuntu", "latest_version": "2.3.1a", "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["ui"], "homepage": "https://www.jedsoft.org/slang/", "upstream-source": "https://www.jedsoft.org/releases/slang/slang-2.3.1a.tar.bz2", "latest-version": "2.3.1a", "short_version": "2.2.4-15ubuntu1", "latest_cmp": false, "url": "https://www.jedsoft.org/releases/slang/slang-2.3.1a.tar.bz2", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.8923395445134575, "sha1": "e2b22bb7450c31eb4d9e24a6d10280230e55e7e0", "name": "libsqlite3.so.0.8.6", "timestamp": 1388681528, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6"], "type": "native"}], "objects": ["libsqlite3.so.0.8.6"], "version": "3.8.2-1ubuntu2", "lib": "sqlite3", "distro_version": "3.8.2-1ubuntu2", "distro": "ubuntu", "cpe": ["cpe:/a:sqlite:sqlite:3.8.2-1ubuntu2"], "latest_version": "3.22.0", "vuln-count": {"total": 13, "exact": 2, "historical": 11}, "vulns": [{"vuln": {"cve": "CVE-2013-7443", "summary": "Buffer overflow 
in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.", "cvss": "5.0", "published": "2015-08-12T14:59:00", "modified": "2016-11-28T19:10:16", "published-epoch": "1439391540", "modified-epoch": "1480360216", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-04-06T19:20:18", "cvss_created-epoch": "1459970418", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true}, {"vuln": {"cve": "CVE-2015-3414", "summary": "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement.", "cvss": "7.5", "published": "2015-04-24T17:59:00", "modified": "2017-01-03T03:00:01", "published-epoch": "1429898340", "modified-epoch": "1483412401", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-03T18:00:24", "cvss_created-epoch": "1483466424", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-3415", "summary": "The sqlite3VdbeExec function in vdbe.c in SQLite 
before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.", "cvss": "7.5", "published": "2015-04-24T17:59:01", "modified": "2017-01-03T03:00:01", "published-epoch": "1429898341", "modified-epoch": "1483412401", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-03T18:00:24", "cvss_created-epoch": "1483466424", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-3416", "summary": "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.", "cvss": "7.5", "published": "2015-04-24T17:59:02", "modified": "2017-01-03T03:00:01", "published-epoch": "1429898342", "modified-epoch": "1483412401", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-03T18:00:24", "cvss_created-epoch": "1483466424", "cvss2_vector": 
"AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2016-6153", "summary": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", "cvss": "4.6", "published": "2016-09-26T16:59:03", "modified": "2017-11-03T01:29:03", "published-epoch": "1474909143", "modified-epoch": "1509672543", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-09-27T19:42:04", "cvss_created-epoch": "1475005324", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3_score": "5.9"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2017-10989", "summary": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.", "cvss": "7.5", "published": "2017-07-07T12:29:00", "modified": "2017-10-24T01:29:01", "published-epoch": "1499430540", "modified-epoch": "1508808541", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": 
"PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-12T20:15:25", "cvss_created-epoch": "1499890525", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 260, "vuln_id": "CVE-2017-10989", "component": "sqlite3", "vendor": null, "codetype": "NA", "version": "3.8.2-1ubuntu2", "modified": "2018-03-22T23:19:37.645846", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2008-6589", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy \"no database\" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.", "cvss": "4.3", "published": "2009-04-03T18:30:00", "modified": "2017-08-17T01:29:25", "published-epoch": "1238783400", "modified-epoch": "1502933365", "cwe": "CWE-79", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-04-06T12:55:00", "cvss_created-epoch": "1239022500", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-3717", "summary": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.", "cvss": "7.5", "published": "2015-07-03T02:00:08", "modified": 
"2017-09-22T01:29:15", "published-epoch": "1435888808", "modified-epoch": "1506043755", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-07-07T12:47:45", "cvss_created-epoch": "1436273265", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-6590", "summary": "Multiple directory traversal vulnerabilities in LightNEasy \"no database\" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php.", "cvss": "5.0", "published": "2009-04-03T18:30:00", "modified": "2017-08-17T01:29:25", "published-epoch": "1238783400", "modified-epoch": "1502933365", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-04-06T13:05:00", "cvss_created-epoch": "1239023100", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-15286", "summary": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.", "cvss": "5.0", "published": "2017-10-12T08:29:00", "modified": "2017-10-27T14:18:36", "published-epoch": "1507796940", "modified-epoch": "1509113916", "cwe": "CWE-476", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-19T18:33:06", "cvss_created-epoch": "1508437986", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": false}, {"vuln": {"cve": "CVE-2008-6592", "summary": "thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy \"no database\" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).", "cvss": "7.5", "published": "2009-04-03T18:30:00", "modified": "2017-09-29T01:33:14", "published-epoch": "1238783400", "modified-epoch": "1506648794", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-04-06T13:12:00", "cvss_created-epoch": "1239023520", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-6593", "summary": "SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.", "cvss": "7.5", "published": "2009-04-03T18:30:00", "modified": "2017-09-29T01:33:14", "published-epoch": "1238783400", "modified-epoch": "1506648794", "cwe": "CWE-89", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", 
"cvss_created": "2009-04-06T13:15:00", "cvss_created-epoch": "1239023700", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2017-13685", "summary": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", "cvss": "4.3", "published": "2017-08-29T06:29:00", "modified": "2017-08-31T01:29:01", "published-epoch": "1503988140", "modified-epoch": "1504142941", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-08-30T17:48:18", "cvss_created-epoch": "1504115298", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": false}], "tags": ["database"], "homepage": "https://sqlite.org/", "upstream-source": "https://sqlite.org/2018/sqlite-autoconf-3220000.tar.gz", "latest-version": "3.22.0", "short_version": "3.8.2-1ubuntu2", "latest_cmp": false, "url": "https://sqlite.org/2018/sqlite-autoconf-3220000.tar.gz", "codetype": "Native", "coverity_scan": {"name": "SQLite", "language": "C/C++", "id": 219, "homepage_url": "http://www.sqlite.org", "details": {"loc": 156737, "defect_density": {"comparison": 0.5, "over_time": [{"2016-03-29": 0.5}], "score": 0.5, "verdict": "equal", "loc_range": "100,000 to 499,999"}, "build_date": "2016-03-29", "project_url": "https://scan.coverity.com/projects/sqlite", "version": "3.12.0", "cwe": [{"name": "Integer Overflow or Wraparound", "defect_count": 6, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}]}, "repo_url": "http://www.sqlite.org/cgi/src", "slug": "sqlite", "mapped-name": "sqlite3"}}, {"extended-objects": [{"confidence": 
0.7810457516339869, "sha1": "42c6a2cf480f9af70b1bb7a8715160a0ec30b5a2", "name": "sudo", "timestamp": 1426177663, "binary-type": "unknown", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/sudo"], "type": "native"}], "objects": ["sudo"], "version": "1.8.9p5-1ubuntu1.1", "lib": "sudo", "distro_version": "1.8.9p5-1ubuntu1.1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 36, "exact": 3, "historical": 33}, "vulns": [{"vuln": {"cve": "CVE-2014-9680", "summary": "sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.", "cvss": "2.1", "published": "2017-04-24T06:59:00", "modified": "2018-01-05T02:29:57", "published-epoch": "1493017140", "modified-epoch": "1515119397", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-04T19:10:40", "cvss_created-epoch": "1493925040", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss3_score": "3.3"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2015-5602", "summary": "sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by \"/home/*/*/file.txt.\"", "cvss": 
"7.2", "published": "2015-11-17T15:59:10", "modified": "2016-12-07T18:17:19", "published-epoch": "1447775950", "modified-epoch": "1481134639", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-07-29T18:16:38", "cvss_created-epoch": "1469816198", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": true, "triage": [{"id": 249, "vuln_id": "CVE-2015-5602", "component": "sudo", "vendor": null, "codetype": "NA", "version": "1.8.9p5-1ubuntu1.1", "modified": "2018-03-22T23:19:37.499844", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-1000367", "summary": "Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.", "cvss": "6.9", "published": "2017-06-05T14:29:00", "modified": "2018-01-05T02:31:25", "published-epoch": "1496672940", "modified-epoch": "1515119485", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-06-08T16:27:59", "cvss_created-epoch": "1496939279", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "6.4"}, "exact": true, "triage": [{"id": 252, "vuln_id": "CVE-2017-1000367", "component": "sudo", "vendor": null, "codetype": "NA", "version": 
"1.8.9p5-1ubuntu1.1", "modified": "2018-03-22T23:19:37.525464", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-1000368", "summary": "Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.", "cvss": "7.2", "published": "2017-06-05T16:29:00", "modified": "2018-01-05T02:31:25", "published-epoch": "1496680140", "modified-epoch": "1515119485", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-06-08T17:46:10", "cvss_created-epoch": "1496943970", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "cvss3_score": "8.2"}, "exact": true, "triage": [{"id": 244, "vuln_id": "CVE-2017-1000368", "component": "sudo", "vendor": null, "codetype": "NA", "version": "1.8.9p5-1ubuntu1.1", "modified": "2018-03-22T23:19:37.460292", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2010-1646", "summary": "The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.", "cvss": "6.2", "published": "2010-06-07T17:12:48", "modified": "2017-09-19T01:30:47", "published-epoch": "1275930768", "modified-epoch": "1505784647", 
"cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-06-07T19:14:00", "cvss_created-epoch": "1275938040", "cvss2_vector": "AV:L/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-1689", "summary": "sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.", "cvss": "2.1", "published": "2004-09-16T04:00:00", "modified": "2017-07-11T01:31:15", "published-epoch": "1095307200", "modified-epoch": "1499736675", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-05-31T17:41:00", "cvss_created-epoch": "1117561260", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-4305", "summary": "Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.", "cvss": "6.2", "published": "2007-08-13T21:17:00", "modified": "2008-09-05T21:27:54", "published-epoch": "1187039820", "modified-epoch": "1220650074", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", 
"cvss_created": "2007-08-14T12:31:00", "cvss_created-epoch": "1187094660", "cvss2_vector": "AV:L/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0043", "summary": "sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.", "cvss": "7.2", "published": "2002-01-31T05:00:00", "modified": "2016-10-18T02:15:32", "published-epoch": "1012453200", "modified-epoch": "1476756932", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1119", "summary": "Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.", "cvss": "2.1", "published": "2005-05-02T04:00:00", "modified": "2008-09-05T20:48:15", "published-epoch": "1115006400", "modified-epoch": "1220647695", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-14T19:59:00", "cvss_created-epoch": "1118779140", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0184", "summary": "Heap-based buffer overflow in sudo before 1.6.6 may allow local users to gain root privileges via special characters in the -p 
(prompt) argument, which are not properly expanded.", "cvss": "7.2", "published": "2002-05-16T04:00:00", "modified": "2016-10-18T02:16:52", "published-epoch": "1021521600", "modified-epoch": "1476757012", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-0958", "summary": "sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.", "cvss": "7.2", "published": "1998-01-12T05:00:00", "modified": "2016-10-18T02:00:00", "published-epoch": "884581200", "modified-epoch": "1476756000", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-2776", "summary": "sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. 
NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.", "cvss": "4.4", "published": "2013-04-08T17:55:01", "modified": "2017-08-29T01:33:17", "published-epoch": "1365443701", "modified-epoch": "1503970397", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T19:11:41", "cvss_created-epoch": "1459365101", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-2777", "summary": "sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. 
NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.", "cvss": "4.4", "published": "2013-04-08T17:55:01", "modified": "2017-08-29T01:33:17", "published-epoch": "1365443701", "modified-epoch": "1503970397", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T19:10:36", "cvss_created-epoch": "1459365036", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-2337", "summary": "sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.", "cvss": "7.2", "published": "2012-05-18T18:55:01", "modified": "2018-01-05T02:29:32", "published-epoch": "1337367301", "modified-epoch": "1515119372", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-05-21T14:08:00", "cvss_created-epoch": "1337609280", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-3440", "summary": "A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.", "cvss": "5.6", "published": 
"2012-08-08T10:26:19", "modified": "2016-11-28T19:08:16", "published-epoch": "1344421579", "modified-epoch": "1480360096", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-08-08T19:03:00", "cvss_created-epoch": "1344452580", "cvss2_vector": "AV:L/AC:H/Au:N:/C:N/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2012-0809", "summary": "Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.", "cvss": "7.2", "published": "2012-02-01T00:55:02", "modified": "2018-01-05T02:29:28", "published-epoch": "1328057702", "modified-epoch": "1515119368", "cwe": "CWE-134", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-02-01T13:17:00", "cvss_created-epoch": "1328102220", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-7032", "summary": "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.", "cvss": "6.9", "published": "2017-04-14T18:59:00", "modified": "2018-01-05T02:31:10", "published-epoch": "1492196340", "modified-epoch": "1515119470", "cwe": "CWE-284", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", 
"cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-04-24T18:55:23", "cvss_created-epoch": "1493060123", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-3149", "summary": "sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be \"a user, who can already log into your system, and can already use sudo.\"", "cvss": "7.2", "published": "2007-06-11T18:30:00", "modified": "2008-09-05T21:24:58", "published-epoch": "1181586600", "modified-epoch": "1220649898", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-06-12T12:37:00", "cvss_created-epoch": "1181651820", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-2959", "summary": "Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.", "cvss": "4.6", "published": "2005-10-25T16:02:00", "modified": "2011-07-28T04:00:00", "published-epoch": "1130256120", "modified-epoch": "1311825600", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", 
"cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-10-25T16:40:00", "cvss_created-epoch": "1130258400", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0008", "summary": "A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.", "cvss": "6.9", "published": "2011-01-20T19:00:07", "modified": "2017-08-17T01:33:22", "published-epoch": "1295550007", "modified-epoch": "1502933602", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-21T17:54:00", "cvss_created-epoch": "1295632440", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2014-0106", "summary": "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.", "cvss": "6.6", "published": "2014-03-11T19:37:03", "modified": "2017-12-16T02:29:02", "published-epoch": "1394566623", "modified-epoch": "1513391342", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": 
"COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T18:45:40", "cvss_created-epoch": "1459363540", "cvss2_vector": "AV:L/AC:M/Au:S:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-1163", "summary": "The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for \".\", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.", "cvss": "6.9", "published": "2010-04-16T19:30:00", "modified": "2017-09-19T01:30:34", "published-epoch": "1271446200", "modified-epoch": "1505784634", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-04-19T19:40:00", "cvss_created-epoch": "1271706000", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0426", "summary": "sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.", "cvss": "6.9", "published": "2010-02-24T18:30:00", "modified": "2017-09-19T01:30:23", "published-epoch": "1267036200", "modified-epoch": "1505784623", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-02-25T14:40:00", "cvss_created-epoch": "1267108800", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-1999-1496", "summary": "Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.", "cvss": "2.1", "published": "1999-06-08T04:00:00", "modified": "2017-12-19T02:29:09", "published-epoch": "928814400", "modified-epoch": "1513650549", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-8239", "summary": "The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.", "cvss": "6.9", "published": "2017-10-10T16:29:00", "modified": "2017-11-05T21:23:16", "published-epoch": "1507652940", "modified-epoch": "1509916996", "cwe": "CWE-362", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-20T18:33:43", "cvss_created-epoch": "1508524423", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", 
"cvss3_vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1831", "summary": "** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating \"Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.\"", "cvss": "7.2", "published": "2005-05-31T04:00:00", "modified": "2016-10-18T03:22:49", "published-epoch": "1117512000", "modified-epoch": "1476760969", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-02T20:16:00", "cvss_created-epoch": "1117743360", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1993", "summary": "Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.", "cvss": "3.7", "published": "2005-06-20T04:00:00", "modified": "2017-10-11T01:30:12", "published-epoch": "1119240000", "modified-epoch": "1507685412", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-21T19:25:00", "cvss_created-epoch": "1119381900", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": 
"0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-4158", "summary": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.", "cvss": "4.6", "published": "2005-12-11T02:03:00", "modified": "2017-07-20T01:29:10", "published-epoch": "1134266580", "modified-epoch": "1500514150", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-12-12T23:32:00", "cvss_created-epoch": "1134430320", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2004-1051", "summary": "sudo before 1.6.8p2 allows local users to execute arbitrary commands by using \"()\" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.", "cvss": "7.2", "published": "2005-03-01T05:00:00", "modified": "2017-07-11T01:30:41", "published-epoch": "1109653200", "modified-epoch": "1499736641", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2009-0034", "summary": "parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly 
interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.", "cvss": "6.9", "published": "2009-01-30T19:30:00", "modified": "2017-09-29T01:33:35", "published-epoch": "1233343800", "modified-epoch": "1506648815", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-02-02T14:38:00", "cvss_created-epoch": "1233585480", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1776", "summary": "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. 
NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.", "cvss": "4.4", "published": "2013-04-08T17:55:01", "modified": "2017-08-29T01:33:10", "published-epoch": "1365443701", "modified-epoch": "1503970390", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T19:12:23", "cvss_created-epoch": "1459365143", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-0010", "summary": "check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.", "cvss": "4.4", "published": "2011-01-18T18:03:08", "modified": "2018-01-05T02:29:04", "published-epoch": "1295373788", "modified-epoch": "1515119344", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-01-19T13:53:00", "cvss_created-epoch": "1295445180", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-1775", "summary": "sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user 
timestamp to the epoch.", "cvss": "6.9", "published": "2013-03-05T21:38:56", "modified": "2016-11-28T19:08:53", "published-epoch": "1362519536", "modified-epoch": "1480360133", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-03-30T19:13:41", "cvss_created-epoch": "1459365221", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-0427", "summary": "sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.", "cvss": "4.4", "published": "2010-02-25T19:30:00", "modified": "2017-09-19T01:30:23", "published-epoch": "1267126200", "modified-epoch": "1505784623", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-02-26T18:01:00", "cvss_created-epoch": "1267207260", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-0151", "summary": "sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.", "cvss": "7.2", "published": "2006-01-09T23:03:00", "modified": "2010-04-02T06:36:11", "published-epoch": "1136847780", "modified-epoch": "1270190171", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", 
"cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-01-10T14:22:00", "cvss_created-epoch": "1136902920", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2010-2956", "summary": "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence.", "cvss": "6.2", "published": "2010-09-10T19:00:02", "modified": "2011-01-21T06:51:47", "published-epoch": "1284145202", "modified-epoch": "1295592707", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-09-13T19:34:00", "cvss_created-epoch": "1284406440", "cvss2_vector": "AV:L/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["utility"], "short_version": "1.8.9p5-1ubuntu1.1", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.546583850931677, "sha1": "ce2dafdc4dbbd0ee68fc8518d1d3e398760231d4", "name": "ata_id", "timestamp": 1424381473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/udev/ata_id"], "type": "native"}, {"confidence": 0.546583850931677, "sha1": "e89f72620c30c2b3bb5719f4bb8bec3b0917ed10", "name": "accelerometer", "timestamp": 1424381473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", 
"cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/udev/accelerometer"], "type": "native"}, {"confidence": 0.546583850931677, "sha1": "438fe4aafe9bcb549218724fc44eed05d90e24e2", "name": "libudev.so.1.3.5", "timestamp": 1424381473, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libudev.so.1.3.5"], "type": "native"}, {"confidence": 0.8012422360248447, "sha1": "fc672c28474261a402fcfe9cebb4b8d913317e18", "name": "systemd-udevd", "timestamp": 1424381473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/systemd/systemd-udevd"], "type": "native"}, {"confidence": 0.546583850931677, "sha1": "3e7581bbcb0c3acda74cb2e19e9e4aabd49eab0b", "name": "scsi_id", "timestamp": 1424381473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/udev/scsi_id"], "type": "native"}, {"confidence": 0.546583850931677, "sha1": "bf66a67106e535ab551a4deb2b7930d970175f85", "name": "collect", "timestamp": 1424381473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/udev/collect"], "type": "native"}, {"confidence": 0.546583850931677, "sha1": "1cbe388cf7b7c400138ab0beffcc94592f5b86c5", "name": "cdrom_id", "timestamp": 1424381473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/udev/cdrom_id"], 
"type": "native"}, {"confidence": 0.7204968944099379, "sha1": "19552496e1e5c63aefaf5d4e05a8c248a1d82663", "name": "udevadm", "timestamp": 1424381473, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/udevadm"], "type": "native"}], "objects": ["ata_id", "accelerometer", "libudev.so.1.3.5", "systemd-udevd", "scsi_id", "collect", "cdrom_id", "udevadm"], "version": "204-5ubuntu20.12", "lib": "systemd", "distro_version": "204-5ubuntu20.12", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 18, "exact": 11, "historical": 7}, "vulns": [{"vuln": {"cve": "CVE-2016-7795", "summary": "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.", "cvss": "4.9", "published": "2016-10-13T14:59:13", "modified": "2017-07-28T01:29:06", "published-epoch": "1476370753", "modified-epoch": "1501205346", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-13T17:52:27", "cvss_created-epoch": "1476381147", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": true, "triage": [{"id": 339, "vuln_id": "CVE-2016-7795", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:15.106737", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": 
"CVE-2017-1000082", "summary": "systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended.", "cvss": "10.0", "published": "2017-07-07T17:29:00", "modified": "2017-07-23T01:29:01", "published-epoch": "1499448540", "modified-epoch": "1500773341", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-12T13:54:59", "cvss_created-epoch": "1499867699", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 316, "vuln_id": "CVE-2017-1000082", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:14.904104", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-9217", "summary": "systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.", "cvss": "5.0", "published": "2017-05-24T05:29:00", "modified": "2017-06-06T19:18:15", "published-epoch": "1495603740", "modified-epoch": "1496776695", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-06-06T18:45:59", "cvss_created-epoch": "1496774759", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": 
"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 334, "vuln_id": "CVE-2017-9217", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:15.063219", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-9445", "summary": "In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.", "cvss": "5.0", "published": "2017-06-28T06:29:00", "modified": "2017-07-07T01:29:05", "published-epoch": "1498631340", "modified-epoch": "1499390945", "cwe": "CWE-787", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-03T17:56:41", "cvss_created-epoch": "1499104601", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "triage": [{"id": 331, "vuln_id": "CVE-2017-9445", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:15.040494", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-6954", "summary": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in 
non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", "cvss": "7.2", "published": "2018-02-13T20:29:00", "modified": "2018-03-16T13:36:00", "published-epoch": "1518553740", "modified-epoch": "1521207360", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-13T20:29:00", "cvss_created-epoch": "1518553740", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 322, "vuln_id": "CVE-2018-6954", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:14.967837", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-15908", "summary": "In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.", "cvss": "5.0", "published": "2017-10-26T14:29:00", "modified": "2018-03-16T01:29:00", "published-epoch": "1509028140", "modified-epoch": "1521163740", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", 
"cvss_created": "2017-10-26T14:29:00", "cvss_created-epoch": "1509028140", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, "exact": true, "timestamp-objects": ["ata_id"], "triage": [{"id": 328, "vuln_id": "CVE-2017-15908", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:15.012505", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2018-1049", "summary": "In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.", "cvss": "4.3", "published": "2018-02-16T21:29:00", "modified": "2018-03-16T01:29:00", "published-epoch": "1518816540", "modified-epoch": "1521163740", "cwe": "CWE-362", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-02-16T21:29:00", "cvss_created-epoch": "1518816540", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "5.9"}, "exact": true, "timestamp-objects": ["ata_id"], "triage": [{"id": 342, "vuln_id": "CVE-2018-1049", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:15.145276", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": 
"bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-10156", "summary": "A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.", "cvss": "7.2", "published": "2017-01-23T07:59:00", "modified": "2017-07-26T01:29:00", "published-epoch": "1485158340", "modified-epoch": "1501032540", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-01-27T17:16:06", "cvss_created-epoch": "1485537366", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "timestamp-objects": ["ata_id"], "triage": [{"id": 325, "vuln_id": "CVE-2016-10156", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:14.990613", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2012-1174", "summary": "The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to \"particular records related with user session.\"", "cvss": "3.3", "published": "2012-07-12T20:55:15", "modified": "2012-08-14T03:35:28", "published-epoch": "1342126515", "modified-epoch": "1344915328", "cwe": "CWE-362", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": 
"PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2012-07-13T14:59:00", "cvss_created-epoch": "1342191540", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2016-7796", "summary": "The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.", "cvss": "4.9", "published": "2016-10-13T14:59:14", "modified": "2017-07-28T01:29:06", "published-epoch": "1476370754", "modified-epoch": "1501205346", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-13T17:16:59", "cvss_created-epoch": "1476379019", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": true, "timestamp-objects": ["ata_id"], "triage": [{"id": 337, "vuln_id": "CVE-2016-7796", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:15.086577", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2013-4394", "summary": "The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving \"special 
and control characters.\"", "cvss": "5.9", "published": "2013-10-28T22:55:03", "modified": "2017-07-01T01:29:04", "published-epoch": "1383000903", "modified-epoch": "1498872544", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-29T16:47:31", "cvss_created-epoch": "1383065251", "cvss2_vector": "AV:L/AC:H/Au:N:/C:C/I:C/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2013-4393", "summary": "journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.", "cvss": "2.1", "published": "2013-10-28T22:55:03", "modified": "2017-07-01T01:29:04", "published-epoch": "1383000903", "modified-epoch": "1498872544", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-29T16:31:36", "cvss_created-epoch": "1383064296", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2012-0871", "summary": "The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.", "cvss": "6.3", "published": "2014-04-18T14:55:25", "modified": "2014-04-21T14:14:52", "published-epoch": "1397832925", "modified-epoch": "1398089692", "cwe": "CWE-59", "cvss_access_vector": "LOCAL", 
"cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-04-21T14:14:52", "cvss_created-epoch": "1398089692", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2013-4391", "summary": "Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.", "cvss": "7.5", "published": "2013-10-28T22:55:03", "modified": "2017-07-01T01:29:04", "published-epoch": "1383000903", "modified-epoch": "1498872544", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-29T16:04:45", "cvss_created-epoch": "1383062685", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2017-18078", "summary": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", "cvss": "4.6", "published": "2018-01-29T05:29:00", "modified": "2018-02-28T18:16:00", "published-epoch": "1517203740", "modified-epoch": "1519841760", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2018-01-29T05:29:00", "cvss_created-epoch": "1517203740", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "timestamp-objects": ["ata_id"], "triage": [{"id": 340, "vuln_id": "CVE-2017-18078", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:15.125833", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2013-4327", "summary": "systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.", "cvss": "4.6", "published": "2013-10-03T21:55:04", "modified": "2016-10-19T17:05:22", "published-epoch": "1380837304", "modified-epoch": "1476896722", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-10-19T14:39:03", "cvss_created-epoch": "1476887943", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2013-4392", "summary": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a 
symlink attack on unspecified files.", "cvss": "3.3", "published": "2013-10-28T22:55:03", "modified": "2013-12-08T06:00:48", "published-epoch": "1383000903", "modified-epoch": "1386482448", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2013-10-29T12:15:08", "cvss_created-epoch": "1383048908", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2015-7510", "summary": "Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.", "cvss": "7.5", "published": "2017-09-25T21:29:00", "modified": "2017-10-06T18:06:27", "published-epoch": "1506374940", "modified-epoch": "1507313187", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-06T02:37:20", "cvss_created-epoch": "1507257440", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "timestamp-objects": ["ata_id"], "triage": [{"id": 319, "vuln_id": "CVE-2015-7510", "component": "systemd", "vendor": null, "codetype": "NA", "version": "204-5ubuntu20.12", "modified": "2018-03-22T23:21:14.944164", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}], "tags": ["utility"], "short_version": "204-5ubuntu20.12", "latest_cmp": null, "homepage": null, "url": null, "codetype": 
"Native", "coverity_scan": {"name": "systemd/systemd", "language": "C/C++", "id": 350, "homepage_url": "", "details": {"loc": 473517, "defect_density": {"comparison": 0.5, "over_time": [{"2017-11-01": 2.33, "2018-01-01": 0.15, "2017-02-01": 0.12, "2016-04-01": 0.14, "2017-01-01": 0.25, "2018-02-01": 0.34, "2016-03-01": 0.14}], "score": 0.09, "verdict": "low", "loc_range": "100,000 to 499,999"}, "build_date": "2018-02-15", "project_url": "https://scan.coverity.com/projects/systemd", "version": "9c869ff6bf", "cwe": [{"name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "defect_count": 1, "id": 120, "rank": 3, "uri": "http://cwe.mitre.org/top25/#CWE-120"}, {"name": "Integer Overflow or Wraparound", "defect_count": 1, "id": 190, "rank": 24, "uri": "http://cwe.mitre.org/top25/#CWE-190"}, {"name": "Use of Potentially Dangerous Function", "defect_count": 1, "id": 676, "rank": 18, "uri": "http://cwe.mitre.org/top25/#CWE-676"}]}, "repo_url": "https://github.com/systemd/systemd", "slug": "systemd", "mapped-name": "systemd"}}, {"extended-objects": [{"confidence": 0.9258517034068137, "sha1": "518625e45f193ba184a207a319f8a2a1c334c423", "name": "tar", "timestamp": 1391519762, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "bin/tar"], "type": "native"}], "objects": ["tar"], "version": "1.27.1-1", "lib": "tar", "distro_version": "1.27.1-1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 11, "exact": 0, "historical": 11}, "vulns": [{"vuln": {"cve": "CVE-2016-6321", "summary": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", "cvss": "5.0", 
"published": "2016-12-09T22:59:00", "modified": "2017-07-01T01:30:00", "published-epoch": "1481324340", "modified-epoch": "1498872600", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-13T19:10:00", "cvss_created-epoch": "1481656200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2007-4131", "summary": "Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.", "cvss": "6.8", "published": "2007-08-25T00:17:00", "modified": "2017-09-29T01:29:13", "published-epoch": "1188001020", "modified-epoch": "1506648553", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-08-27T12:17:00", "cvss_created-epoch": "1188217020", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-1216", "summary": "GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.", "cvss": "5.0", "published": "2002-10-28T05:00:00", 
"modified": "2016-10-18T02:24:48", "published-epoch": "1035781200", "modified-epoch": "1476757488", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2010-0624", "summary": "Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.", "cvss": "6.8", "published": "2010-03-15T13:28:25", "modified": "2017-09-19T01:30:26", "published-epoch": "1268659705", "modified-epoch": "1505784626", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2010-03-15T18:16:00", "cvss_created-epoch": "1268676960", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2001-1267", "summary": "Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. 
(dot dot).", "cvss": "2.1", "published": "2001-07-12T04:00:00", "modified": "2008-09-05T20:26:06", "published-epoch": "994910400", "modified-epoch": "1220646366", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-2541", "summary": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "cvss": "10.0", "published": "2005-08-10T04:00:00", "modified": "2016-10-18T03:28:05", "published-epoch": "1123646400", "modified-epoch": "1476761285", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-08-10T14:00:00", "cvss_created-epoch": "1123682400", "cvss2_vector": "AV:N/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2002-0399", "summary": "Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) \"/..\" or (2) \"./..\" string, which removes the leading slash but leaves the \"..\", a variant of CVE-2001-1267.", "cvss": "5.0", "published": "2002-10-10T04:00:00", "modified": "2016-10-18T02:20:04", "published-epoch": "1034222400", "modified-epoch": "1476757204", "cwe": null, "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-0300", "summary": "Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.", "cvss": "5.1", "published": "2006-02-24T00:02:00", "modified": "2017-10-11T01:30:36", "published-epoch": "1140739320", "modified-epoch": "1507685436", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-02-24T14:18:00", "cvss_created-epoch": "1140790680", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-1918", "summary": "The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an \"incorrect optimization\" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving \"/../\" sequences with a leading \"/\".", "cvss": "2.6", "published": "2005-12-31T05:00:00", "modified": "2017-10-11T01:30:10", "published-epoch": "1136005200", "modified-epoch": "1507685410", "cwe": "CWE-22", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", 
"cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-05-12T14:06:00", "cvss_created-epoch": "1147442760", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2007-4476", "summary": "Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a \"crashing stack.\"", "cvss": "7.5", "published": "2007-09-05T01:17:00", "modified": "2017-09-29T01:29:17", "published-epoch": "1188955020", "modified-epoch": "1506648557", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-09-05T17:26:00", "cvss_created-epoch": "1189013160", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2006-6097", "summary": "GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.", "cvss": "4.0", "published": "2006-11-24T18:07:00", "modified": "2017-10-11T01:31:24", "published-epoch": "1164391620", "modified-epoch": "1507685484", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2006-11-27T19:12:00", "cvss_created-epoch": "1164654720", "cvss2_vector": 
"AV:N/AC:H/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["utility"], "short_version": "1.27.1-1", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.5513698630136986, "sha1": "bd1b27fd34b779a8df2b10f5c7bc13f28fcc8a47", "name": "libext2fs.so.2.4", "timestamp": 1424114748, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libext2fs.so.2.4"], "type": "native"}], "objects": ["libext2fs.so.2.4"], "version": null, "lib": "tdb", "distro_version": null, "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["database"], "homepage": "https://tdb.samba.org/", "short_version": "", "latest_cmp": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "f8318fbf9490e34035d35494f99842cb1f57192e", "name": "init", "timestamp": 1405676811, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/init"], "type": "native"}], "objects": ["init"], "version": "1.12.1-0ubuntu4.2", "lib": "upstart", "distro_version": "1.12.1-0ubuntu4.2", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2015-2285", "summary": "The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.", "cvss": "7.2", "published": "2015-03-12T14:59:07", "modified": "2015-03-13T14:05:22", "published-epoch": 
"1426172347", "modified-epoch": "1426255522", "cwe": "CWE-19", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2015-03-12T18:23:52", "cvss_created-epoch": "1426184632", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}], "tags": ["init", "system"], "short_version": "1.12.1-0ubuntu4.2", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.42168674698795183, "sha1": "3c037521772524e00ec47eb8ee78349bf7a27e59", "name": "agetty", "timestamp": 1423767218, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/agetty"], "type": "native", "source-match": "agetty"}, {"confidence": 0.42168674698795183, "sha1": "3c037521772524e00ec47eb8ee78349bf7a27e59", "name": "getty", "timestamp": 1423767218, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "sbin/getty"], "type": "native", "source-match": "agetty"}], "objects": ["agetty", "getty"], "version": "2.20.1-5.1ubuntu20.4", "lib": "util-linux", "distro_version": "2.20.1-5.1ubuntu20.4", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 18, "exact": 1, "historical": 17}, "vulns": [{"vuln": {"cve": "CVE-2014-9114", "summary": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary 
code.", "cvss": "7.2", "published": "2017-03-31T16:59:00", "modified": "2017-09-08T01:29:32", "published-epoch": "1490979540", "modified-epoch": "1504834172", "cwe": "CWE-77", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-04-05T01:46:19", "cvss_created-epoch": "1491356779", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "triage": [{"id": 262, "vuln_id": "CVE-2014-9114", "component": "util-linux", "vendor": null, "codetype": "NA", "version": "2.20.1-5.1ubuntu20.4", "modified": "2018-03-22T23:19:37.668993", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2015-5218", "summary": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", "cvss": "2.1", "published": "2015-11-09T16:59:06", "modified": "2017-07-19T18:46:48", "published-epoch": "1447088346", "modified-epoch": "1500490008", "cwe": "CWE-119", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-19T18:35:41", "cvss_created-epoch": "1500489341", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": 
"distro-backport"}}, {"vuln": {"cve": "CVE-2004-0080", "summary": "The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.", "cvss": "5.0", "published": "2004-03-03T05:00:00", "modified": "2017-10-10T01:30:17", "published-epoch": "1078290000", "modified-epoch": "1507599017", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1494", "summary": "script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.", "cvss": "2.1", "published": "2001-12-31T05:00:00", "modified": "2017-10-11T01:29:00", "published-epoch": "1009774800", "modified-epoch": "1507685340", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-09-20T17:52:00", "cvss_created-epoch": "1127238720", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1677", "summary": "mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.", "cvss": "4.6", "published": "2011-04-10T02:55:02", "modified": "2018-01-10T02:29:00", 
"published-epoch": "1302404102", "modified-epoch": "1515551340", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-12-07T18:57:41", "cvss_created-epoch": "1481137061", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2008-1926", "summary": "Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an \"addr=\" statement to the login name, aka \"audit log injection.\"", "cvss": "7.5", "published": "2008-04-24T05:05:00", "modified": "2017-09-29T01:30:56", "published-epoch": "1209013500", "modified-epoch": "1506648656", "cwe": "CWE-94", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-04-24T18:37:00", "cvss_created-epoch": "1209062220", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2007-5191", "summary": "mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.", "cvss": "6.9", "published": "2007-10-04T16:17:00", "modified": "2017-09-29T01:29:31", "published-epoch": "1191514620", "modified-epoch": "1506648571", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", 
"cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-10-05T11:03:00", "cvss_created-epoch": "1191582180", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0094", "summary": "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.", "cvss": "5.0", "published": "2003-03-03T05:00:00", "modified": "2017-10-10T01:30:14", "published-epoch": "1046667600", "modified-epoch": "1507599014", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1675", "summary": "mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.", "cvss": "3.3", "published": "2011-04-10T02:55:01", "modified": "2018-01-10T02:29:00", "published-epoch": "1302404101", "modified-epoch": "1515551340", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2016-12-07T18:36:28", "cvss_created-epoch": "1481135788", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-2779", "summary": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "cvss": "7.2", "published": "2017-02-07T15:59:00", "modified": "2017-03-02T16:12:54", "published-epoch": "1486483140", "modified-epoch": "1488471174", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-03-01T23:36:40", "cvss_created-epoch": "1488411400", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1147", "summary": "The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.", "cvss": "7.2", "published": "2001-10-08T04:00:00", "modified": "2008-09-05T20:25:48", "published-epoch": "1002513600", "modified-epoch": "1220646348", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2006-7108", 
"summary": "login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.", "cvss": "4.1", "published": "2007-03-04T22:19:00", "modified": "2017-10-11T01:31:29", "published-epoch": "1173046740", "modified-epoch": "1507685489", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-03-07T17:59:00", "cvss_created-epoch": "1173290340", "cvss2_vector": "AV:L/AC:M/Au:S:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2001-1175", "summary": "vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.", "cvss": "7.2", "published": "2002-04-01T05:00:00", "modified": "2017-10-10T01:30:01", "published-epoch": "1017637200", "modified-epoch": "1507599001", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2013-0157", "summary": "(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting 
to mount a non-existent device, which generates different error messages depending on whether the directory exists.", "cvss": "2.1", "published": "2014-01-21T18:55:09", "modified": "2014-01-22T20:26:30", "published-epoch": "1390330509", "modified-epoch": "1390422390", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-01-22T20:26:30", "cvss_created-epoch": "1390422390", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-5011", "summary": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", "cvss": "4.7", "published": "2017-04-11T15:59:00", "modified": "2017-04-17T16:50:39", "published-epoch": "1491926340", "modified-epoch": "1492447839", "cwe": "CWE-399", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-04-16T23:42:12", "cvss_created-epoch": "1492386132", "cvss2_vector": "AV:L/AC:M/Au:N:/C:N/I:N/A:C", "cvss3_vector": "AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "4.3"}, "exact": false}, {"vuln": {"cve": "CVE-2005-2876", "summary": "umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively 
clears the nosuid, nodev, and other flags.", "cvss": "7.2", "published": "2005-09-13T23:03:00", "modified": "2017-10-11T01:30:20", "published-epoch": "1126652580", "modified-epoch": "1507685420", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-09-14T12:23:00", "cvss_created-epoch": "1126700580", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2015-5224", "summary": "The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.", "cvss": "7.5", "published": "2017-08-23T15:29:00", "modified": "2017-09-01T16:08:32", "published-epoch": "1503502140", "modified-epoch": "1504282112", "cwe": "CWE-264", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-09-01T16:04:46", "cvss_created-epoch": "1504281886", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2011-1676", "summary": "mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations.", "cvss": "3.3", "published": "2011-04-10T02:55:01", "modified": "2017-08-17T01:34:18", "published-epoch": "1302404101", "modified-epoch": "1502933658", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", 
"cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2011-04-11T17:30:00", "cvss_created-epoch": "1302543000", "cvss2_vector": "AV:L/AC:M/Au:N:/C:P/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["utility"], "short_version": "2.20.1-5.1ubuntu20.4", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.34562951082598237, "sha1": "b141278bfbdf0e0cf18e7ee000ab74c54d14c068", "name": "vim.tiny", "timestamp": 1388691604, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/vim.tiny"], "type": "native"}], "objects": ["vim.tiny"], "version": "7.4.052-1ubuntu3", "lib": "vim", "distro_version": "7.4.052-1ubuntu3", "distro": "ubuntu", "cpe": ["cpe:/a:vim:vim:7.4.052-1ubuntu3"], "latest_version": "8.0.1600", "vuln-count": {"total": 24, "exact": 7, "historical": 17}, "vulns": [{"vuln": {"cve": "CVE-2005-2368", "summary": "vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.", "cvss": "9.3", "published": "2005-07-26T04:00:00", "modified": "2017-10-11T01:30:16", "published-epoch": "1122350400", "modified-epoch": "1507685416", "cwe": "CWE-78", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-07-28T14:03:00", "cvss_created-epoch": "1122559380", "cvss2_vector": 
"AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2008-3432", "summary": "Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.", "cvss": "6.8", "published": "2008-10-10T10:30:03", "modified": "2017-09-29T01:31:41", "published-epoch": "1223634603", "modified-epoch": "1506648701", "cwe": "CWE-119", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-10-10T15:30:00", "cvss_created-epoch": "1223652600", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2008-3074", "summary": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. 
NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.", "cvss": "9.3", "published": "2009-02-21T22:30:00", "modified": "2017-09-29T01:31:29", "published-epoch": "1235255400", "modified-epoch": "1506648689", "cwe": "CWE-78", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-02-23T20:23:00", "cvss_created-epoch": "1235420580", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2008-3076", "summary": "The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. 
NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.", "cvss": "9.3", "published": "2009-02-21T22:30:00", "modified": "2017-08-08T01:31:33", "published-epoch": "1235255400", "modified-epoch": "1502155893", "cwe": "CWE-78", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-02-23T20:39:00", "cvss_created-epoch": "1235421540", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2008-3075", "summary": "The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the \"!\" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. 
NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.", "cvss": "9.3", "published": "2009-02-21T22:30:00", "modified": "2017-09-29T01:31:29", "published-epoch": "1235255400", "modified-epoch": "1506648689", "cwe": "CWE-94", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-02-23T20:31:00", "cvss_created-epoch": "1235421060", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2016-1248", "summary": "vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.", "cvss": "6.8", "published": "2016-11-23T15:59:00", "modified": "2017-07-28T01:29:00", "published-epoch": "1479916740", "modified-epoch": "1501205340", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2016-11-23T17:24:06", "cvss_created-epoch": "1479921846", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "timestamp-objects": ["vim.tiny"], "triage": [{"id": 346, "vuln_id": "CVE-2016-1248", "component": "vim", "vendor": null, "codetype": "NA", "version": "7.4.052-1ubuntu3", "modified": "2018-03-22T23:21:15.244476", "scope": "FN", "reason": "VP", "description": 
"", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-5953", "summary": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.", "cvss": "7.5", "published": "2017-02-10T07:59:00", "modified": "2017-11-04T01:29:45", "published-epoch": "1486713540", "modified-epoch": "1509758985", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-15T15:30:35", "cvss_created-epoch": "1487172635", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "timestamp-objects": ["vim.tiny"], "triage": [{"id": 344, "vuln_id": "CVE-2017-5953", "component": "vim", "vendor": null, "codetype": "NA", "version": "7.4.052-1ubuntu3", "modified": "2018-03-22T23:21:15.180445", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2007-2438", "summary": "The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.", "cvss": "7.6", "published": "2007-05-02T21:19:00", "modified": "2017-10-11T01:32:12", "published-epoch": "1178140740", "modified-epoch": "1507685532", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": 
"COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-05-03T14:04:00", "cvss_created-epoch": "1178201040", "cvss2_vector": "AV:N/AC:H/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2007-2953", "summary": "Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.", "cvss": "6.8", "published": "2007-07-31T10:17:00", "modified": "2017-10-11T01:32:30", "published-epoch": "1185877020", "modified-epoch": "1507685550", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2007-07-31T22:06:00", "cvss_created-epoch": "1185919560", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2004-1138", "summary": "VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.", "cvss": "7.2", "published": "2005-01-10T05:00:00", "modified": "2017-10-11T01:29:41", "published-epoch": "1105333200", "modified-epoch": "1507685381", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", 
"cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2001-0408", "summary": "vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.", "cvss": "5.1", "published": "2001-06-18T04:00:00", "modified": "2017-10-10T01:29:42", "published-epoch": "992836800", "modified-epoch": "1507598982", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2017-17087", "summary": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.", "cvss": "2.1", "published": "2017-12-01T08:29:00", "modified": "2017-12-20T18:03:31", "published-epoch": "1512116940", "modified-epoch": "1513793011", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", 
"cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-14T19:37:59", "cvss_created-epoch": "1513280279", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.5"}, "exact": true, "timestamp-objects": ["vim.tiny"], "triage": [{"id": 347, "vuln_id": "CVE-2017-17087", "component": "vim", "vendor": null, "codetype": "NA", "version": "7.4.052-1ubuntu3", "modified": "2018-03-22T23:21:15.266764", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-6349", "summary": "An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", "cvss": "7.5", "published": "2017-02-27T07:59:00", "modified": "2017-07-17T13:18:28", "published-epoch": "1488182340", "modified-epoch": "1500297508", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-28T00:13:28", "cvss_created-epoch": "1488240808", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "timestamp-objects": ["vim.tiny"], "triage": [{"id": 343, "vuln_id": "CVE-2017-6349", "component": "vim", "vendor": null, "codetype": "NA", "version": "7.4.052-1ubuntu3", "modified": "2018-03-22T23:21:15.155110", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": 
"bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2009-0316", "summary": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.", "cvss": "6.9", "published": "2009-01-28T11:30:00", "modified": "2017-08-08T01:33:53", "published-epoch": "1233142200", "modified-epoch": "1502156033", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-01-28T18:03:00", "cvss_created-epoch": "1233165780", "cvss2_vector": "AV:L/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2001-0409", "summary": "vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.", "cvss": "2.1", "published": "2001-06-18T04:00:00", "modified": "2017-10-10T01:29:43", "published-epoch": "992836800", "modified-epoch": "1507598983", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:P/A:N", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2017-1000382", "summary": "VIM version 
8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.", "cvss": "2.1", "published": "2017-10-31T20:29:00", "modified": "2017-11-27T16:24:45", "published-epoch": "1509481740", "modified-epoch": "1511799885", "cwe": "CWE-200", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "NONE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-11-22T22:17:34", "cvss_created-epoch": "1511389054", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:N/A:N", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3_score": "5.5"}, "exact": true, "timestamp-objects": ["vim.tiny"], "triage": [{"id": 348, "vuln_id": "CVE-2017-1000382", "component": "vim", "vendor": null, "codetype": "NA", "version": "7.4.052-1ubuntu3", "modified": "2018-03-22T23:21:15.288279", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2017-11109", "summary": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. 
NOTE: there might be a limited number of scenarios in which this has security relevance.", "cvss": "6.8", "published": "2017-07-08T17:29:00", "modified": "2017-07-13T12:40:05", "published-epoch": "1499534940", "modified-epoch": "1499949605", "cwe": "CWE-416", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-12T17:53:01", "cvss_created-epoch": "1499881981", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": true, "timestamp-objects": ["vim.tiny"], "triage": [{"id": 345, "vuln_id": "CVE-2017-11109", "component": "vim", "vendor": null, "codetype": "NA", "version": "7.4.052-1ubuntu3", "modified": "2018-03-22T23:21:15.205097", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2008-4101", "summary": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.", "cvss": "9.3", "published": "2008-09-18T17:59:32", "modified": "2017-09-29T01:32:00", "published-epoch": "1221760772", "modified-epoch": "1506648720", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", 
"cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-09-19T11:58:00", "cvss_created-epoch": "1221825480", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2008-6235", "summary": "The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) \"D\" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.", "cvss": "9.3", "published": "2009-02-21T23:30:00", "modified": "2017-09-29T01:33:02", "published-epoch": "1235259000", "modified-epoch": "1506648782", "cwe": "CWE-78", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-02-23T20:43:00", "cvss_created-epoch": "1235421780", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2008-2712", "summary": "Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. 
NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.", "cvss": "9.3", "published": "2008-06-16T21:41:00", "modified": "2017-09-29T01:31:17", "published-epoch": "1213652460", "modified-epoch": "1506648677", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "COMPLETE", "cvss_integrity_impact": "COMPLETE", "cvss_availability_impact": "COMPLETE", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-06-17T17:04:00", "cvss_created-epoch": "1213722240", "cvss2_vector": "AV:N/AC:M/Au:N:/C:C/I:C/A:C", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2017-6350", "summary": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", "cvss": "7.5", "published": "2017-02-27T07:59:00", "modified": "2017-07-17T13:18:28", "published-epoch": "1488182340", "modified-epoch": "1500297508", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-02-28T00:09:30", "cvss_created-epoch": "1488240570", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "timestamp-objects": ["vim.tiny"], "triage": [{"id": 341, "vuln_id": "CVE-2017-6350", "component": "vim", "vendor": null, "codetype": "NA", "version": "7.4.052-1ubuntu3", "modified": "2018-03-22T23:21:15.130067", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", 
"firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2002-1377", "summary": "vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.", "cvss": "4.6", "published": "2002-12-23T05:00:00", "modified": "2017-10-10T01:30:11", "published-epoch": "1040619600", "modified-epoch": "1507599011", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2008-3294", "summary": "src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.", "cvss": "3.7", "published": "2008-07-24T18:41:00", "modified": "2011-08-05T04:00:00", "published-epoch": "1216924860", "modified-epoch": "1312516800", "cwe": "CWE-94", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2008-07-25T15:38:00", "cvss_created-epoch": "1217000280", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": 
"0"}, "exact": false, "timestamp-objects": []}, {"vuln": {"cve": "CVE-2005-0069", "summary": "The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.", "cvss": "4.6", "published": "2005-01-13T05:00:00", "modified": "2017-10-11T01:29:49", "published-epoch": "1105592400", "modified-epoch": "1507685389", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-06-02T19:01:00", "cvss_created-epoch": "1117738860", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["editor"], "homepage": "https://www.vim.org/", "upstream-source": "https://github.com/vim/vim/archive/v8.0.1600.tar.gz", "latest-version": "8.0.1600", "short_version": "7.4.052-1ubuntu3", "latest_cmp": false, "url": "https://github.com/vim/vim/archive/v8.0.1600.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "165768f0bfa442ef3a856888d4566ddad5f6c812", "name": "cron", "timestamp": 1360393343, "binary-type": "elf-executable-x86_64", "exe-flags": ["no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/sbin/cron"], "type": "native"}, {"confidence": 0.2558139534883721, "sha1": "715a5bd7dbaed97487f4a0caab0e7c6307d34dd5", "name": "crontab", "timestamp": 1360393343, "binary-type": "unknown", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/bin/crontab"], "type": "native"}], "objects": ["cron", "crontab"], "version": "3.0pl1-124ubuntu2", "lib": "vixie-cron", 
"distro_version": "3.0pl1-124ubuntu2", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 0, "exact": 0, "historical": 0}, "vulns": [], "tags": ["cron", "system"], "short_version": "3.0pl1-124ubuntu2", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 1.0, "sha1": "68a05bd69c34e93c38f2b2d97e00c10b3cd7f732", "name": "liblzma.so.5.0.0", "timestamp": 1392218089, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/liblzma.so.5.0.0"], "type": "native"}], "objects": ["liblzma.so.5.0.0"], "version": "5.1.1alpha+20120614-2ubuntu2", "lib": "xz", "distro_version": "5.1.1alpha+20120614-2ubuntu2", "distro": "ubuntu", "cpe": ["cpe:/a:tukaani:xz:5.1.1alpha+20120614-2ubuntu2"], "latest_version": "5.2.3", "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2015-4035", "summary": "scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.", "cvss": "4.6", "published": "2017-07-25T18:29:00", "modified": "2017-07-28T19:04:27", "published-epoch": "1501007340", "modified-epoch": "1501268667", "cwe": "CWE-20", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-07-28T17:23:50", "cvss_created-epoch": "1501262630", "cvss2_vector": "AV:L/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "7.8"}, "exact": false}], "tags": ["compression"], "homepage": "https://tukaani.org/xz/", 
"upstream-source": "https://downloads.sourceforge.net/project/lzmautils/xz-5.2.3.tar.gz", "latest-version": "5.2.3", "short_version": "5.1.1alpha+20120614-2ubuntu2", "latest_cmp": false, "url": "https://downloads.sourceforge.net/project/lzmautils/xz-5.2.3.tar.gz", "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9, "sha1": "474aa2b952e99cdfafe8f119e8e1e1bbb415a1d8", "name": "libz.so.1.2.8", "timestamp": 1368448978, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libz.so.1.2.8"], "type": "native"}], "objects": ["libz.so.1.2.8"], "version": "1.2.8.dfsg-1ubuntu1", "lib": "zlib", "distro_version": "1.2.8.dfsg-1ubuntu1", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:zlib:1.2.8.dfsg-1ubuntu1"], "latest_version": "1.2.11", "vuln-count": {"total": 9, "exact": 4, "historical": 5}, "vulns": [{"vuln": {"cve": "CVE-2016-9840", "summary": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cvss": "6.8", "published": "2017-05-23T04:29:01", "modified": "2018-01-05T02:31:24", "published-epoch": "1495513741", "modified-epoch": "1515119484", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-30T17:01:03", "cvss_created-epoch": "1496163663", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": true, "triage": [{"id": 314, "vuln_id": "CVE-2016-9840", "component": "zlib", "vendor": null, "codetype": "NA", "version": "1.2.8.dfsg-1ubuntu1", "modified": "2018-03-22T23:20:43.306848", "scope": "FN", 
"reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-9841", "summary": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cvss": "7.5", "published": "2017-05-23T04:29:01", "modified": "2018-01-05T02:31:24", "published-epoch": "1495513741", "modified-epoch": "1515119484", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-30T17:04:11", "cvss_created-epoch": "1496163851", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 310, "vuln_id": "CVE-2016-9841", "component": "zlib", "vendor": null, "codetype": "NA", "version": "1.2.8.dfsg-1ubuntu1", "modified": "2018-03-22T23:20:43.263292", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-9842", "summary": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", "cvss": "6.8", "published": "2017-05-23T04:29:01", "modified": "2018-01-05T02:31:24", "published-epoch": "1495513741", "modified-epoch": "1515119484", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-30T17:04:28", "cvss_created-epoch": "1496163868", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": true, "triage": [{"id": 312, "vuln_id": "CVE-2016-9842", "component": "zlib", "vendor": null, "codetype": "NA", "version": "1.2.8.dfsg-1ubuntu1", "modified": "2018-03-22T23:20:43.286193", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2016-9843", "summary": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", "cvss": "7.5", "published": "2017-05-23T04:29:01", "modified": "2018-01-05T02:31:24", "published-epoch": "1495513741", "modified-epoch": "1515119484", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-30T17:04:51", "cvss_created-epoch": "1496163891", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": true, "triage": [{"id": 308, "vuln_id": "CVE-2016-9843", "component": "zlib", "vendor": null, "codetype": "NA", "version": "1.2.8.dfsg-1ubuntu1", "modified": "2018-03-22T23:20:43.239464", "scope": "FN", "reason": "VP", "description": "", "user": {"id": 35, "email": "bot_piper_team@protecode-sc.local", "firstname": "", "lastname": "", "username": "bot_piper_team@protecode-sc.lo"}}]}, {"vuln": {"cve": "CVE-2004-0797", "summary": "The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression 
library 1.2.x allows local users to cause a denial of service (application crash).", "cvss": "2.1", "published": "2004-10-20T04:00:00", "modified": "2017-07-11T01:30:28", "published-epoch": "1098244800", "modified-epoch": "1499736628", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-2096", "summary": "zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.", "cvss": "7.5", "published": "2005-07-06T04:00:00", "modified": "2017-07-11T01:32:46", "published-epoch": "1120622400", "modified-epoch": "1499736766", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-07-07T14:15:00", "cvss_created-epoch": "1120745700", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0059", "summary": "The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a \"double free\"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.", "cvss": "7.5", "published": "2002-03-15T05:00:00", "modified": 
"2008-09-10T19:11:10", "published-epoch": "1016168400", "modified-epoch": "1221073870", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0107", "summary": "Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.", "cvss": "7.5", "published": "2003-03-07T05:00:00", "modified": "2017-01-03T02:59:00", "published-epoch": "1047013200", "modified-epoch": "1483412340", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1849", "summary": "inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.", "cvss": "5.0", "published": "2005-07-26T04:00:00", "modified": "2017-10-11T01:30:10", "published-epoch": "1122350400", "modified-epoch": "1507685410", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", 
"cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-07-27T20:25:00", "cvss_created-epoch": "1122495900", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["compression"], "homepage": "https://zlib.net/", "upstream-source": "https://zlib.net/zlib-1.2.11.tar.gz", "latest-version": "1.2.11", "short_version": "1.2.8.dfsg-1ubuntu1", "latest_cmp": false, "url": "https://zlib.net/zlib-1.2.11.tar.gz", "codetype": "Native", "coverity_scan": {"name": "zlib", "language": "C/C++", "id": 256, "homepage_url": null, "details": {"loc": 27341, "defect_density": {"comparison": 0.35, "over_time": [null], "score": 0.11, "verdict": "low", "loc_range": "less than 100,000"}, "build_date": "2015-09-22", "project_url": "https://scan.coverity.com/projects/zlib", "version": "1.2.8", "cwe": []}, "repo_url": null, "slug": "zlib", "mapped-name": "zlib"}}, {"extended-objects": [{"confidence": 0.85, "sha1": "da716350e557bb28b37d43ae46cd7cceae57fba3", "name": "klibc-P2s_k-gf23VtrGgO2_4pGkQgwMY.so", "timestamp": 1387853475, "binary-type": "elf-executable-x86_64", "exe-flags": ["execstack", "no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/klibc-P2s_k-gf23VtrGgO2_4pGkQgwMY.so"], "type": "native"}, {"confidence": 0.8, "sha1": "a30128a9c36b0cf50ae634f39569f33e0b270880", "name": "kinit", "timestamp": 1387853475, "binary-type": "elf-executable-x86_64", "exe-flags": ["execstack", "no-pie"], "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/klibc/bin/kinit"], "type": "native"}], "objects": ["klibc-P2s_k-gf23VtrGgO2_4pGkQgwMY.so", "kinit"], "version": "1.2.3", "lib": "zlib", "distro_version": "1.2.3", "distro": "ubuntu", "cpe": ["cpe:/a:gnu:zlib:1.2.3"], "latest_version": "1.2.11", "vuln-count": {"total": 9, "exact": 0, "historical": 
9}, "vulns": [{"vuln": {"cve": "CVE-2016-9841", "summary": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cvss": "7.5", "published": "2017-05-23T04:29:01", "modified": "2018-01-05T02:31:24", "published-epoch": "1495513741", "modified-epoch": "1515119484", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-30T17:04:11", "cvss_created-epoch": "1496163851", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2016-9840", "summary": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cvss": "6.8", "published": "2017-05-23T04:29:01", "modified": "2018-01-05T02:31:24", "published-epoch": "1495513741", "modified-epoch": "1515119484", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-30T17:01:03", "cvss_created-epoch": "1496163663", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": false}, {"vuln": {"cve": "CVE-2004-0797", "summary": "The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).", "cvss": "2.1", "published": "2004-10-20T04:00:00", "modified": "2017-07-11T01:30:28", "published-epoch": "1098244800", 
"modified-epoch": "1499736628", "cwe": null, "cvss_access_vector": "LOCAL", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:L/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-9842", "summary": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", "cvss": "6.8", "published": "2017-05-23T04:29:01", "modified": "2018-01-05T02:31:24", "published-epoch": "1495513741", "modified-epoch": "1515119484", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-30T17:04:28", "cvss_created-epoch": "1496163868", "cvss2_vector": "AV:N/AC:M/Au:N:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": false}, {"vuln": {"cve": "CVE-2005-2096", "summary": "zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.", "cvss": "7.5", "published": "2005-07-06T04:00:00", "modified": "2017-07-11T01:32:46", "published-epoch": "1120622400", "modified-epoch": "1499736766", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", 
"cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-07-07T14:15:00", "cvss_created-epoch": "1120745700", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2002-0059", "summary": "The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a \"double free\"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.", "cvss": "7.5", "published": "2002-03-15T05:00:00", "modified": "2008-09-10T19:11:10", "published-epoch": "1016168400", "modified-epoch": "1221073870", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2016-9843", "summary": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", "cvss": "7.5", "published": "2017-05-23T04:29:01", "modified": "2018-01-05T02:31:24", "published-epoch": "1495513741", "modified-epoch": "1515119484", "cwe": "CWE-189", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-05-30T17:04:51", "cvss_created-epoch": "1496163891", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": 
"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "9.8"}, "exact": false}, {"vuln": {"cve": "CVE-2003-0107", "summary": "Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.", "cvss": "7.5", "published": "2003-03-07T05:00:00", "modified": "2017-01-03T02:59:00", "published-epoch": "1047013200", "modified-epoch": "1483412340", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2004-01-01T05:00:00", "cvss_created-epoch": "1072933200", "cvss2_vector": "AV:N/AC:L/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}, {"vuln": {"cve": "CVE-2005-1849", "summary": "inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.", "cvss": "5.0", "published": "2005-07-26T04:00:00", "modified": "2017-10-11T01:30:10", "published-epoch": "1122350400", "modified-epoch": "1507685410", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2005-07-27T20:25:00", "cvss_created-epoch": "1122495900", "cvss2_vector": "AV:N/AC:L/Au:N:/C:N/I:N/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false}], "tags": ["compression"], "homepage": "https://zlib.net/", "upstream-source": "https://zlib.net/zlib-1.2.11.tar.gz", "latest-version": "1.2.11", "short_version": "1.2.3", "latest_cmp": false, "url": "https://zlib.net/zlib-1.2.11.tar.gz", 
"codetype": "Native", "coverity_scan": {"name": "zlib", "language": "C/C++", "id": 256, "homepage_url": null, "details": {"loc": 27341, "defect_density": {"comparison": 0.35, "over_time": [null], "score": 0.11, "verdict": "low", "loc_range": "less than 100,000"}, "build_date": "2015-09-22", "project_url": "https://scan.coverity.com/projects/zlib", "version": "1.2.8", "cwe": []}, "repo_url": null, "slug": "zlib", "mapped-name": "zlib"}}], "summary": {"vuln-count": {"exact": 600, "historical": 2045}, "verdict": {"short": "Vulns", "detailed": "Known vulnerabilities were found during the scan!"}}, "status": "R", "sha1sum": "08caeb3caa921ac61ac425266c34d7984e447894", "id": 4795, "product_id": 4795, "report_url": "https://protecode.mo.sap.corp/products/4795/", "filename": "whalesay.tar", "rescan-possible": false, "stale": false, "custom_data": {}, "last_updated": "2018-03-22T11:39:01", "details": {"metadata": null, "flagged": {"busybox": ["no-pie"], "less": ["no-pie"], "newusers": ["no-pie"], "pwconv": ["no-pie"], "kill": ["no-pie"], "git-remote-http": ["no-pie"], "oldfind": ["no-pie"], "skill": ["no-pie"], "find": ["no-pie"], "rsyslogd": ["no-pie"], "udevadm": ["no-pie"], "iconv": ["no-pie"], "arpd": ["no-pie"], "ls": ["no-pie"], "git-credential-cache": ["no-pie"], "tc": ["no-pie"], "klibc-P2s_k-gf23VtrGgO2_4pGkQgwMY.so": ["execstack", "no-pie"], "vdir": ["no-pie"], "cpio": ["no-pie"], "git-credential-store": ["no-pie"], "git-http-fetch": ["no-pie"], "patch": ["no-pie"], "collect": ["no-pie"], "dir": ["no-pie"], "dpkg-query": ["no-pie"], "arp": ["no-pie"], "localedef": ["no-pie"], "pwunconv": ["no-pie"], "ifconfig": ["no-pie"], "cron": ["no-pie"], "sed": ["no-pie"], "sdiff": ["no-pie"], "grpconv": ["no-pie"], "chpasswd": ["no-pie"], "diff3": ["no-pie"], "rsync": ["no-pie"], "chgpasswd": ["no-pie"], "ata_id": ["no-pie"], "python3.4m": ["no-pie"], "cppw": ["no-pie"], "netstat": ["no-pie"], "dpkg-divert": ["no-pie"], "bash": ["no-pie"], "mawk": ["no-pie"], 
"git-show-index": ["no-pie"], "systemd-udevd": ["no-pie"], "route": ["no-pie"], "git-fast-import": ["no-pie"], "rarp": ["no-pie"], "groupadd": ["no-pie"], "agetty": ["no-pie"], "cdrom_id": ["no-pie"], "vipw": ["no-pie"], "gpgv": ["no-pie"], "userdel": ["no-pie"], "diff": ["no-pie"], "cp": ["no-pie"], "ps": ["no-pie"], "git": ["no-pie"], "accelerometer": ["no-pie"], "gpg": ["no-pie"], "groupdel": ["no-pie"], "git-remote-testsvn": ["no-pie"], "rtmon": ["no-pie"], "python3.4": ["no-pie"], "getty": ["no-pie"], "useradd": ["no-pie"], "git-http-push": ["no-pie"], "dpkg": ["no-pie"], "sh.shared": ["execstack", "no-pie", "no-relro"], "grep": ["no-pie"], "git-upload-pack": ["no-pie"], "kinit": ["execstack", "no-pie"], "mv": ["no-pie"], "install": ["no-pie"], "bridge": ["no-pie"], "tar": ["no-pie"], "ip": ["no-pie"], "grpck": ["no-pie"], "logrotate": ["no-pie"], "slattach": ["no-pie"], "groupmod": ["no-pie"], "egrep": ["no-pie"], "vim.tiny": ["no-pie"], "scsi_id": ["no-pie"], "fgrep": ["no-pie"], "git-credential-cache--daemon": ["no-pie"], "git-http-backend": ["no-pie"], "git-imap-send": ["no-pie"], "git-sh-i18n--envsubst": ["no-pie"], "git-shell": ["no-pie"], "git-daemon": ["no-pie"], "ss": ["no-pie"], "ldconfig.real": ["no-pie"], "grpunconv": ["no-pie"], "pwck": ["no-pie"], "gzip": ["no-pie"], "usermod": ["no-pie"]}, "filetypes": {"a /usr/bin/mawk script": 1, "magic text file for file(1) cmd": 2, "POSIX tar archive": 8, "Mac OS X icon": 1, "VAX COFF executable - version 30856": 1, "Non-ISO extended-ASCII text": 2, "MS Windows icon resource - 7 icons": 1, "GNU message catalog (little endian)": 228, "Python script": 652, "VAX COFF executable - version 16067": 1, "Compiled terminfo entry": 38, "VAX COFF executable not stripped - version 4626": 1, "Algol 68 source": 26, "VAX COFF executable not stripped - version 11599": 1, "Perl POD document": 43, "VAX COFF executable not stripped - version 21833": 1, "VAX COFF executable - version 14045": 1, "ELF 64-bit LSB executable": 469, 
"GPG key public ring": 5, "VAX COFF executable not stripped - version 7889": 1, "VAX COFF executable": 15, "unified diff output": 2, "OS/2 REXX batch file": 2, "VAX COFF executable not stripped - version 2162": 1, "GLS_BINARY_LSB_FIRST": 1, "C source": 77, "PEM certificate": 175, "VAX COFF executable not stripped - version 10196": 1, "VAX COFF executable not stripped - version 9947": 1, "magic binary file for file(1) cmd (version 10) (little endian)": 1, "MGR bitmap": 1, "Python script text executable Python script": 1, "ISO-8859 text": 29, "VAX COFF executable - version 31313": 1, "VAX COFF executable not stripped - version 17454": 1, "VAX COFF executable not stripped - version 25481": 1, "setuid ELF 64-bit LSB executable": 10, "VAX COFF executable not stripped - version 15429": 1, "VAX COFF executable - version 10330": 1, "TeX document": 1, "awk or perl script": 1, "Git index": 2, "Bourne-Again shell script": 34, "VAX COFF executable - version 18448": 1, "news": 1, "Linux/i386 PC Screen Font v2 data": 121, "XML 1.0 document": 8, "a /usr/bin/make -f script": 1, "a /usr/bin/mawk -We script": 1, "Lisp/Scheme program": 1, "VAX COFF executable - version 19272": 1, "VAX COFF executable not stripped - version 29765": 1, "UTF-8 Unicode (with BOM) text": 1, "VAX COFF executable - version 16758": 1, "PGP signature Signature (old)": 4, "HTML document": 18, "Perl script text executable": 235, "a /usr/bin/mawk -f script": 6, "very short file (no magic)": 1, "LaTeX 2e document": 1, "M4 macro processor script": 1, "setgid ELF 64-bit LSB executable": 8, "data": 36, "X pixmap image": 1, "UTF-8 Unicode text": 358, "core file (Xenix)": 2, "VAX COFF executable - version 21384": 1, "Linux/i386 PC Screen Font v1 data": 178, "empty": 186, "VAX COFF executable not stripped - version 24585": 1, "VAX COFF executable - version 5597": 1, "awk script": 1, "VAX COFF executable - version 22340": 1, "VAX COFF executable - version 10568": 1, "VAX COFF executable not stripped - version 4357": 1, 
"a /usr/bin/python3 -Es script": 1, "APT cache data": 2, "VAX COFF executable not stripped - version 6157": 1, "a /usr/bin/env python script": 1, "POSIX shell script": 644, "gzip compressed data": 2574, "C++ source": 2, "a /usr/sh script": 1, "GIF image data": 10, "VAX COFF executable not stripped - version 10425": 1, "VAX COFF executable not stripped - version 20299": 5, "VAX COFF executable not stripped - version 17488": 1, "setuid ELF 64-bit LSB shared object": 4, "diff output": 2, "setgid ELF 64-bit LSB shared object": 2, "troff or preprocessor input": 1587, "VAX COFF executable not stripped - version 14464": 1, "a /usr/bin/python3 script": 8, "VAX COFF executable - version 1966": 1, "VAX COFF executable - version 17840": 1, "VAX COFF executable - version 759": 2, "a /bin/sed -nf script": 1, "gconv module configuration cache data": 1, "a /usr/bin/python3.4 script": 27, "VAX COFF executable - version 502": 1, "VAX COFF executable not stripped - version 19437": 1, "Perl5 module source": 695, "makefile script": 10, "ASCII text": 4289, "VAX COFF executable not stripped - version 2307": 1, "PGP public key block Public-Key (old)": 2, "VAX COFF executable not stripped": 19, "VAX COFF executable not stripped - version 6267": 1, "exported SGML document": 1, "timezone data": 755, "Tenex C shell script": 1, "PNG image data": 7, "ELF 64-bit LSB shared object": 623}, "errors": []}}}