{
  "matches": [
    {
      "vulnerability": {
        "id": "CVE-2017-17740",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2017-17740",
            "epss": 0.06138,
            "percentile": 0.91043,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2017-17740",
            "cwe": "CWE-119",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.3069
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2017-17740",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html",
            "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html",
            "http://www.openldap.org/its/index.cgi/Incoming?id=8759",
            "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
            "https://www.oracle.com/security-alerts/cpuapr2022.html"
          ],
          "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2017-17740",
              "epss": 0.06138,
              "percentile": 0.91043,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2017-17740",
              "cwe": "CWE-119",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openldap",
              "version": "2.6.10+dfsg-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2017-17740",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "46230cf5226e2e82",
        "name": "libldap2",
        "version": "2.6.10+dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libldap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-29478",
        "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478",
        "namespace": "nvd:cpe",
        "severity": "Medium",
        "urls": [
          "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md"
        ],
        "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-29478",
            "epss": 0.00521,
            "percentile": 0.67396,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-29478",
            "cwe": "CWE-400",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": ""
        },
        "advisories": [],
        "risk": 0.273525
      },
      "relatedVulnerabilities": [],
      "matchDetails": [
        {
          "type": "cpe-match",
          "matcher": "stock-matcher",
          "searchedBy": {
            "namespace": "nvd:cpe",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:5.0.6:*:*:*:*:*:*:*"
            ],
            "package": {
              "name": "fluent-bit",
              "version": "5.0.6"
            }
          },
          "found": {
            "vulnerabilityID": "CVE-2025-29478",
            "versionConstraint": "none (unknown)",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
            ]
          }
        }
      ],
      "artifact": {
        "id": "cea2afa73a0e4468",
        "name": "fluent-bit",
        "version": "5.0.6",
        "type": "binary",
        "locations": [
          {
            "path": "/fluent-bit/bin/fluent-bit",
            "layerID": "sha256:bac8da5073c772505c04c0e4e52c84be7ab9470f3d846c7edef579dd10f844cc",
            "accessPath": "/fluent-bit/bin/fluent-bit",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:treasuredata:fluent_bit:5.0.6:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:github/fluent/fluent-bit@5.0.6",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2011-3389",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2011-3389",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2011-3389",
            "epss": 0.03832,
            "percentile": 0.88464,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2011-3389",
            "cwe": "CWE-326",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.19160000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2011-3389",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2011-3389",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/",
            "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx",
            "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx",
            "http://curl.haxx.se/docs/adv_20120124B.html",
            "http://downloads.asterisk.org/pub/security/AST-2016-001.html",
            "http://ekoparty.org/2011/juliano-rizzo.php",
            "http://eprint.iacr.org/2004/111",
            "http://eprint.iacr.org/2006/136",
            "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
            "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635",
            "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html",
            "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html",
            "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html",
            "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html",
            "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html",
            "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
            "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html",
            "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html",
            "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html",
            "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html",
            "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html",
            "http://marc.info/?l=bugtraq&m=132750579901589&w=2",
            "http://marc.info/?l=bugtraq&m=132872385320240&w=2",
            "http://marc.info/?l=bugtraq&m=133365109612558&w=2",
            "http://marc.info/?l=bugtraq&m=133728004526190&w=2",
            "http://marc.info/?l=bugtraq&m=134254866602253&w=2",
            "http://marc.info/?l=bugtraq&m=134254957702612&w=2",
            "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue",
            "http://osvdb.org/74829",
            "http://rhn.redhat.com/errata/RHSA-2012-0508.html",
            "http://rhn.redhat.com/errata/RHSA-2013-1455.html",
            "http://secunia.com/advisories/45791",
            "http://secunia.com/advisories/47998",
            "http://secunia.com/advisories/48256",
            "http://secunia.com/advisories/48692",
            "http://secunia.com/advisories/48915",
            "http://secunia.com/advisories/48948",
            "http://secunia.com/advisories/49198",
            "http://secunia.com/advisories/55322",
            "http://secunia.com/advisories/55350",
            "http://secunia.com/advisories/55351",
            "http://security.gentoo.org/glsa/glsa-201203-02.xml",
            "http://security.gentoo.org/glsa/glsa-201406-32.xml",
            "http://support.apple.com/kb/HT4999",
            "http://support.apple.com/kb/HT5001",
            "http://support.apple.com/kb/HT5130",
            "http://support.apple.com/kb/HT5281",
            "http://support.apple.com/kb/HT5501",
            "http://support.apple.com/kb/HT6150",
            "http://technet.microsoft.com/security/advisory/2588513",
            "http://vnhacker.blogspot.com/2011/09/beast.html",
            "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf",
            "http://www.debian.org/security/2012/dsa-2398",
            "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html",
            "http://www.ibm.com/developerworks/java/jdk/alerts/",
            "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html",
            "http://www.insecure.cl/Beast-SSL.rar",
            "http://www.kb.cert.org/vuls/id/864643",
            "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058",
            "http://www.opera.com/docs/changelogs/mac/1151/",
            "http://www.opera.com/docs/changelogs/mac/1160/",
            "http://www.opera.com/docs/changelogs/unix/1151/",
            "http://www.opera.com/docs/changelogs/unix/1160/",
            "http://www.opera.com/docs/changelogs/windows/1151/",
            "http://www.opera.com/docs/changelogs/windows/1160/",
            "http://www.opera.com/support/kb/view/1004/",
            "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
            "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
            "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
            "http://www.redhat.com/support/errata/RHSA-2011-1384.html",
            "http://www.redhat.com/support/errata/RHSA-2012-0006.html",
            "http://www.securityfocus.com/bid/49388",
            "http://www.securityfocus.com/bid/49778",
            "http://www.securitytracker.com/id/1029190",
            "http://www.securitytracker.com/id?1025997",
            "http://www.securitytracker.com/id?1026103",
            "http://www.securitytracker.com/id?1026704",
            "http://www.ubuntu.com/usn/USN-1263-1",
            "http://www.us-cert.gov/cas/techalerts/TA12-010A.html",
            "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail",
            "https://bugzilla.novell.com/show_bug.cgi?id=719047",
            "https://bugzilla.redhat.com/show_bug.cgi?id=737506",
            "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
            "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006",
            "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862",
            "https://hermes.opensuse.org/messages/13154861",
            "https://hermes.opensuse.org/messages/13155432",
            "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
            "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
          ],
          "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2011-3389",
              "epss": 0.03832,
              "percentile": 0.88464,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2011-3389",
              "cwe": "CWE-326",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u4"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2011-3389",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "c09dbad0a9f39af5",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u4",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u4?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-29477",
        "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477",
        "namespace": "nvd:cpe",
        "severity": "Medium",
        "urls": [
          "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md"
        ],
        "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.8
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-29477",
            "epss": 0.00269,
            "percentile": 0.50788,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-29477",
            "cwe": "CWE-400",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": ""
        },
        "advisories": [],
        "risk": 0.14122500000000002
      },
      "relatedVulnerabilities": [],
      "matchDetails": [
        {
          "type": "cpe-match",
          "matcher": "stock-matcher",
          "searchedBy": {
            "namespace": "nvd:cpe",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:5.0.6:*:*:*:*:*:*:*"
            ],
            "package": {
              "name": "fluent-bit",
              "version": "5.0.6"
            }
          },
          "found": {
            "vulnerabilityID": "CVE-2025-29477",
            "versionConstraint": "none (unknown)",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
            ]
          }
        }
      ],
      "artifact": {
        "id": "cea2afa73a0e4468",
        "name": "fluent-bit",
        "version": "5.0.6",
        "type": "binary",
        "locations": [
          {
            "path": "/fluent-bit/bin/fluent-bit",
            "layerID": "sha256:bac8da5073c772505c04c0e4e52c84be7ab9470f3d846c7edef579dd10f844cc",
            "accessPath": "/fluent-bit/bin/fluent-bit",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:treasuredata:fluent_bit:5.0.6:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:github/fluent/fluent-bit@5.0.6",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2015-3276",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2015-3276",
            "epss": 0.02575,
            "percentile": 0.85931,
            "date": "2026-06-14"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.12875
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2015-3276",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://rhn.redhat.com/errata/RHSA-2015-2131.html",
            "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
            "http://www.securitytracker.com/id/1034221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1238322"
          ],
          "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2015-3276",
              "epss": 0.02575,
              "percentile": 0.85931,
              "date": "2026-06-14"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openldap",
              "version": "2.6.10+dfsg-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2015-3276",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "46230cf5226e2e82",
        "name": "libldap2",
        "version": "2.6.10+dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libldap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-9192",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-9192",
            "epss": 0.02309,
            "percentile": 0.85171,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-9192",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.11545
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-9192",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=24269",
            "https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS"
          ],
          "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-9192",
              "epss": 0.02309,
              "percentile": 0.85171,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-9192",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-9192",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.0164,
            "percentile": 0.82422,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.082
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.0164,
              "percentile": 0.82422,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.0164,
            "percentile": 0.82422,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.082
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.0164,
              "percentile": 0.82422,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.0164,
            "percentile": 0.82422,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.082
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.0164,
              "percentile": 0.82422,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.0164,
            "percentile": 0.82422,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.082
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.0164,
              "percentile": 0.82422,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-45447",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-45447",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification.  Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution.  When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition.  In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution.  Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected.  The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.8,
              "exploitabilityScore": 2.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-45447",
            "epss": 0.00092,
            "percentile": 0.26174,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-45447",
            "cwe": "CWE-416",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-09",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6335-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6335-1"
          }
        ],
        "risk": 0.07498000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-45447",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-45447",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c",
            "https://github.com/openssl/openssl/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8",
            "https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54",
            "https://github.com/openssl/openssl/commit/a541ae8bfe849a30cc885e8780715c0f488e496c",
            "https://github.com/openssl/openssl/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: A specially crafted PKCS#7 or S/MIME signed message could\ntrigger a use-after-free during PKCS#7 signature verification.\n\nImpact summary: A use-after-free may result in process crashes, heap\ncorruption, or potentially remote code execution.\n\nWhen processing a PKCS#7 or S/MIME signed message, if the SignedData\ndigestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may\nincorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent\nuse of the BIO by the calling application results in a use-after-free\ncondition.\n\nIn the common case this occurs when the application later calls\nBIO_free() on the BIO originally passed to PKCS7_verify(). Depending\non allocator behavior and application-specific BIO usage patterns, this\nmay result in a crash or other memory corruption. In some application\ncontexts this may potentially be exploitable for remote code execution.\n\nApplications that process PKCS#7 or S/MIME signed messages using OpenSSL\nPKCS#7 APIs may be affected. Applications using the CMS APIs for this\nprocessing are not affected.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-45447",
              "epss": 0.00092,
              "percentile": 0.26174,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-45447",
              "cwe": "CWE-416",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-45447",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-9076",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-9076",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key().  Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not revealed to the attacker.  The key unwrapping function performs a check-byte test as specified in the RFC that reads 7 bytes from a heap allocation that is based on the wrapped key length from the message. There is a minimum length check based on the block length of the wrapping cipher. However the cipher is selected from an OID carried in the attacker's PWRI keyEncryptionAlgorithm with no requirement that the cipher be a block cipher. When an attacker selects a stream-mode cipher the guard will be ineffective and the allocated buffer containing the unwrapped key can be too small to fit the check-bytes specified in the RFC and a buffer over-read can happen.  Applications calling CMS_decrypt() or CMS_decrypt_set1_password() (equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS data are vulnerable to this issue. No password knowledge is required: the over-read happens during the unwrap attempt before any authentication succeeds.  The over-read is limited to a few bytes and is not written to output, so there is no information disclosure. Triggering a crash requires the allocation to border unmapped memory, which is unlikely with the normal allocator.  The FIPS modules are not affected by this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-9076",
            "epss": 0.00096,
            "percentile": 0.26732,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-9076",
            "cwe": "CWE-125",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-09",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6335-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6335-1"
          }
        ],
        "risk": 0.07200000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-9076",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-9076",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/05b066366842f930fadd9a6e94df98030af431bb",
            "https://github.com/openssl/openssl/commit/3d8d5bc1056b2f62da9fede23fedbf47e85187b0",
            "https://github.com/openssl/openssl/commit/715349a1d7c6db970e6815dafb90915f07307f98",
            "https://github.com/openssl/openssl/commit/77bf00ab13f6ff5e516535432f0328ed70ec0c26",
            "https://github.com/openssl/openssl/commit/eecbe330977e8d023aae1ca2d9bdbe983ef3fdc6",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap)\nprocesses attacker-supplied CMS data, an attacker-chosen stream-mode KEK\ncipher can trigger a heap out-of-bounds read in kek_unwrap_key().\n\nImpact summary: A heap buffer over-read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not revealed to the attacker.\n\nThe key unwrapping function performs a check-byte test as specified in the\nRFC that reads 7 bytes from a heap allocation that is based on the wrapped\nkey length from the message. There is a minimum length check based on the\nblock length of the wrapping cipher. However the cipher is selected from\nan OID carried in the attacker's PWRI keyEncryptionAlgorithm with no\nrequirement that the cipher be a block cipher. When an attacker selects\na stream-mode cipher the guard will be ineffective and the allocated buffer\ncontaining the unwrapped key can be too small to fit the check-bytes\nspecified in the RFC and a buffer over-read can happen.\n\nApplications calling CMS_decrypt() or CMS_decrypt_set1_password()\n(equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS\ndata are vulnerable to this issue. No password knowledge is required: the\nover-read happens during the unwrap attempt before any authentication\nsucceeds.\n\nThe over-read is limited to a few bytes and is not written to output, so\nthere is no information disclosure. Triggering a crash requires the\nallocation to border unmapped memory, which is unlikely with the normal\nallocator.\n\nThe FIPS modules are not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-9076",
              "epss": 0.00096,
              "percentile": 0.26732,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-9076",
              "cwe": "CWE-125",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-9076",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5450",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5450",
        "namespace": "debian:distro:debian:13",
        "severity": "Critical",
        "urls": [],
        "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 9.8,
              "exploitabilityScore": 3.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5450",
            "epss": 0.00073,
            "percentile": 0.22435,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-122",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.06862
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5450",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
          ],
          "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5450",
              "epss": 0.00073,
              "percentile": 0.22435,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-122",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5450",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-20796",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-20796",
            "epss": 0.01305,
            "percentile": 0.80255,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-20796",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.06525
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-20796",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://www.securityfocus.com/bid/107160",
            "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141",
            "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html",
            "https://security.netapp.com/advisory/ntap-20190315-0002/",
            "https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS"
          ],
          "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-20796",
              "epss": 0.01305,
              "percentile": 0.80255,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-20796",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-20796",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010025",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010025",
            "epss": 0.01215,
            "percentile": 0.79503,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-1010025",
            "cwe": "CWE-330",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.06075
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010025",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://security-tracker.debian.org/tracker/CVE-2019-1010025",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22853",
            "https://support.f5.com/csp/article/K06046097",
            "https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/CVE-2019-1010025"
          ],
          "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010025",
              "epss": 0.01215,
              "percentile": 0.79503,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-1010025",
              "cwe": "CWE-330",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010025",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40355",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40355",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40355",
            "epss": 0.00108,
            "percentile": 0.28843,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40355",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "1.21.3-5+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1.21.3-5+deb13u1",
              "date": "2026-05-22",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6293-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6293-1"
          }
        ],
        "risk": 0.05886000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40355",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40355",
              "epss": 0.00108,
              "percentile": 0.28843,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40355",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40355",
            "versionConstraint": "< 1.21.3-5+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1.21.3-5+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40355",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40355",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40355",
            "epss": 0.00108,
            "percentile": 0.28843,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40355",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "1.21.3-5+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1.21.3-5+deb13u1",
              "date": "2026-05-22",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6293-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6293-1"
          }
        ],
        "risk": 0.05886000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40355",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40355",
              "epss": 0.00108,
              "percentile": 0.28843,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40355",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40355",
            "versionConstraint": "< 1.21.3-5+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1.21.3-5+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40355",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40355",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40355",
            "epss": 0.00108,
            "percentile": 0.28843,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40355",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "1.21.3-5+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1.21.3-5+deb13u1",
              "date": "2026-05-22",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6293-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6293-1"
          }
        ],
        "risk": 0.05886000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40355",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40355",
              "epss": 0.00108,
              "percentile": 0.28843,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40355",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40355",
            "versionConstraint": "< 1.21.3-5+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1.21.3-5+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40355",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40355",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40355",
            "epss": 0.00108,
            "percentile": 0.28843,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40355",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "1.21.3-5+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1.21.3-5+deb13u1",
              "date": "2026-05-22",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6293-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6293-1"
          }
        ],
        "risk": 0.05886000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40355",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40355",
              "epss": 0.00108,
              "percentile": 0.28843,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40355",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40355",
            "versionConstraint": "< 1.21.3-5+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1.21.3-5+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40356",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40356",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40356",
            "epss": 0.00108,
            "percentile": 0.28801,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40356",
            "cwe": "CWE-191",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "1.21.3-5+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1.21.3-5+deb13u1",
              "date": "2026-05-22",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6293-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6293-1"
          }
        ],
        "risk": 0.05886000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40356",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40356",
              "epss": 0.00108,
              "percentile": 0.28801,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40356",
              "cwe": "CWE-191",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40356",
            "versionConstraint": "< 1.21.3-5+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1.21.3-5+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40356",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40356",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40356",
            "epss": 0.00108,
            "percentile": 0.28801,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40356",
            "cwe": "CWE-191",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "1.21.3-5+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1.21.3-5+deb13u1",
              "date": "2026-05-22",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6293-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6293-1"
          }
        ],
        "risk": 0.05886000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40356",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40356",
              "epss": 0.00108,
              "percentile": 0.28801,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40356",
              "cwe": "CWE-191",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40356",
            "versionConstraint": "< 1.21.3-5+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1.21.3-5+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40356",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40356",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40356",
            "epss": 0.00108,
            "percentile": 0.28801,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40356",
            "cwe": "CWE-191",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "1.21.3-5+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1.21.3-5+deb13u1",
              "date": "2026-05-22",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6293-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6293-1"
          }
        ],
        "risk": 0.05886000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40356",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40356",
              "epss": 0.00108,
              "percentile": 0.28801,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40356",
              "cwe": "CWE-191",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40356",
            "versionConstraint": "< 1.21.3-5+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1.21.3-5+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40356",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40356",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40356",
            "epss": 0.00108,
            "percentile": 0.28801,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40356",
            "cwe": "CWE-191",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "1.21.3-5+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1.21.3-5+deb13u1",
              "date": "2026-05-22",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6293-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6293-1"
          }
        ],
        "risk": 0.05886000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40356",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40356",
              "epss": 0.00108,
              "percentile": 0.28801,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40356",
              "cwe": "CWE-191",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40356",
            "versionConstraint": "< 1.21.3-5+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1.21.3-5+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-7168",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-7168",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-7168",
            "epss": 0.00113,
            "percentile": 0.29667,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-7168",
            "cwe": "CWE-294",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.058195000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-7168",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-7168",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-7168.html",
            "https://curl.se/docs/CVE-2026-7168.json",
            "https://hackerone.com/reports/3697719",
            "http://www.openwall.com/lists/oss-security/2026/04/29/14"
          ],
          "description": "Successfully using libcurl to do a transfer over a specific HTTP proxy\n(`proxyA`) with **Digest** authentication and then changing the proxy host to\na second one (`proxyB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the `Proxy-Authorization:` header field meant for\n`proxyA`, to `proxyB`.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-7168",
              "epss": 0.00113,
              "percentile": 0.29667,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-7168",
              "cwe": "CWE-294",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-7168",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-7383",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-7383",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow.  Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour.  In ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination size for Unicode output is computed in a signed int: by left shift of the input character count for BMPSTRING (UTF-16) and UNIVERSALSTRING (UTF-32), and by summing per-character byte counts for UTF8STRING. The calculation overflows when the input reaches around 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30 characters) the size wraps to zero, OPENSSL_malloc(1) is called, and the subsequent character copy writes several gigabytes past the one-byte allocation.  X.509 certificate processing routes through ASN1_STRING_set_by_NID(), whose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID size limits cap the input length; no network protocol or certificate-handling path in OpenSSL exercises the overflow. Triggering the bug requires an application that calls ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers a custom string type via ASN1_STRING_TABLE_add(), with attacker-controlled input on the order of half a gigabyte or more. For these reasons this issue was assigned Low severity.  The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.1,
              "exploitabilityScore": 2.3,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-7383",
            "epss": 0.00067,
            "percentile": 0.2096,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-7383",
            "cwe": "CWE-787",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-09",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6335-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6335-1"
          }
        ],
        "risk": 0.05226
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-7383",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-7383",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/4f8d2bddaa2c8e06f9c33390ee1717059a6e4be6",
            "https://github.com/openssl/openssl/commit/80c15faaf78042bbb8654a0e234c50c381732f74",
            "https://github.com/openssl/openssl/commit/bd17511070fb39a67bfa19682affb765e706a974",
            "https://github.com/openssl/openssl/commit/c332adaced43bcbb85f97410597e951c11ec3083",
            "https://github.com/openssl/openssl/commit/d32350ae8ef7426718f5aa9e383d4b51398ee255",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: A signed integer overflow when sizing the destination\nbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\nbuffer overflow.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nattacker controlled code execution or other undefined behaviour.\n\nIn ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination\nsize for Unicode output is computed in a signed int: by left shift\nof the input character count for BMPSTRING (UTF-16) and\nUNIVERSALSTRING (UTF-32), and by summing per-character byte counts\nfor UTF8STRING. The calculation overflows when the input reaches\naround 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30\ncharacters) the size wraps to zero, OPENSSL_malloc(1) is called, and\nthe subsequent character copy writes several gigabytes past the\none-byte allocation.\n\nX.509 certificate processing routes through ASN1_STRING_set_by_NID(),\nwhose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID\nsize limits cap the input length; no network protocol or\ncertificate-handling path in OpenSSL exercises the overflow.\nTriggering the bug requires an application that calls\nASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers\na custom string type via ASN1_STRING_TABLE_add(), with\nattacker-controlled input on the order of half a gigabyte or more.\nFor these reasons this issue was assigned Low severity.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\nthis issue, as the affected code is outside the OpenSSL FIPS module\nboundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.1,
                "exploitabilityScore": 2.3,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-7383",
              "epss": 0.00067,
              "percentile": 0.2096,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-7383",
              "cwe": "CWE-787",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-7383",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5928",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5928",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.  A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5928",
            "epss": 0.00068,
            "percentile": 0.21367,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5928",
            "cwe": "CWE-127",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.051000000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5928",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
          ],
          "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5928",
              "epss": 0.00068,
              "percentile": 0.21367,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5928",
              "cwe": "CWE-127",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5928",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-7598",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-7598",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Manipulation of the username_len/password_len arguments leads to an integer overflow. The attack may be launched remotely. The fix is commit 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.",
        "cvss": [
          {
            "source": "cna@vuldb.com",
            "type": "Secondary",
            "version": "4.0",
            "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "metrics": {
              "baseScore": 6.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-7598",
            "epss": 0.00075,
            "percentile": 0.22889,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-7598",
            "cwe": "CWE-189",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-7598",
            "cwe": "CWE-190",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.044625
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-7598",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-7598",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/libssh2/libssh2/",
            "https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1",
            "https://github.com/libssh2/libssh2/pull/1858",
            "https://vuldb.com/submit/805564",
            "https://vuldb.com/vuln/360555",
            "https://vuldb.com/vuln/360555/cti"
          ],
          "description": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Manipulation of the username_len/password_len arguments leads to an integer overflow. The attack may be launched remotely. The fix is commit 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.",
          "cvss": [
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 6.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 7.3,
                "exploitabilityScore": 3.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 10,
                "impactScore": 6.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-7598",
              "epss": 0.00075,
              "percentile": 0.22889,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-7598",
              "cwe": "CWE-189",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-7598",
              "cwe": "CWE-190",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libssh2",
              "version": "1.11.1-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-7598",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "db086fa0f05191a1",
        "name": "libssh2-1t64",
        "version": "1.11.1-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssh2-1t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssh2-1t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libssh2-1t64:libssh2-1t64:1.11.1-1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libssh2-1t64:libssh2_1t64:1.11.1-1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libssh2_1t64:libssh2-1t64:1.11.1-1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libssh2_1t64:libssh2_1t64:1.11.1-1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libssh2:libssh2-1t64:1.11.1-1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libssh2:libssh2_1t64:1.11.1-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssh2-1t64@1.11.1-1?arch=amd64&distro=debian-13&upstream=libssh2",
        "upstreams": [
          {
            "name": "libssh2"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-34180",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-34180",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms.  Impact summary: The heap buffer over-read may crash the application (Denial of Service) or load into the decoded ASN.1 object the contents of memory beyond the end of the input buffer.  More typically such ASN.1 elements would instead be truncated.  An integer truncation in OpenSSL's ASN.1 decoder causes the content length of an ASN.1 primitive element to be mishandled when it exceeds 2 gigabytes. In the worst case the truncated length is treated as a request to scan the binary content for a terminating zero byte, possibly causing OpenSSL to read either less than or beyond the end of the allocated buffer.  Applications that pass attacker-supplied data to d2i_X509(), d2i_PKCS7(), or any other d2i_* decoding function are affected. OpenSSL's own command-line tools are not vulnerable, as data read through the BIO layer is checked before it reaches the affected code. The issue only affects 64-bit Unix and Unix-like platforms; 32-bit platforms and 64-bit Windows are not affected.  The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-34180",
            "epss": 0.00059,
            "percentile": 0.18856,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-34180",
            "cwe": "CWE-125",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-09",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6335-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6335-1"
          }
        ],
        "risk": 0.044250000000000005
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-34180",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-34180",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/1c6908e4fa5fa568752221d8eaf561a809751e5d",
            "https://github.com/openssl/openssl/commit/cbe418ae978539cf14a398a207dba834c0e93e83",
            "https://github.com/openssl/openssl/commit/d93853c42110d6319e3df07842b488cb9f7ac5ff",
            "https://github.com/openssl/openssl/commit/da5d62af75f69d6fbf7803743d7c56ac75461e43",
            "https://github.com/openssl/openssl/commit/f696c73c3e61b8c502d040af62e690c060908a16",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive\nelement whose content exceeds 2 gigabytes in length may cause a heap buffer\nover-read on 64-bit Unix and Unix-like platforms.\n\nImpact summary: The heap buffer over-read may crash the application (Denial of\nService) or load into the decoded ASN.1 object the contents of memory beyond the\nend of the input buffer.  More typically such ASN.1 elements would instead be\ntruncated.\n\nAn integer truncation in OpenSSL's ASN.1 decoder causes the content length of\nan ASN.1 primitive element to be mishandled when it exceeds 2 gigabytes. In the\nworst case the truncated length is treated as a request to scan the binary\ncontent for a terminating zero byte, possibly causing OpenSSL to read either\nless than or beyond the end of the allocated buffer.\n\nApplications that pass attacker-supplied data to d2i_X509(), d2i_PKCS7(), or\nany other d2i_* decoding function are affected. OpenSSL's own command-line\ntools are not vulnerable, as data read through the BIO layer is checked before\nit reaches the affected code. The issue only affects 64-bit Unix and Unix-like\nplatforms; 32-bit platforms and 64-bit Windows are not affected.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-34180",
              "epss": 0.00059,
              "percentile": 0.18856,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-34180",
              "cwe": "CWE-125",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-34180",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1965",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-1965",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work.  An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1...  The set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.  Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1965",
            "epss": 0.00073,
            "percentile": 0.22358,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1965",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.04197499999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1965",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-1965.html",
            "https://curl.se/docs/CVE-2026-1965.json"
          ],
          "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\na Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1965",
              "epss": 0.00073,
              "percentile": 0.22358,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1965",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1965",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-13151",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-13151",
            "epss": 0.0005,
            "percentile": 0.16103,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-13151",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0375
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-13151",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gitlab.com/gnutls/libtasn1",
            "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
            "http://www.openwall.com/lists/oss-security/2026/01/08/5",
            "https://www.kb.cert.org/vuls/id/271649"
          ],
          "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-13151",
              "epss": 0.0005,
              "percentile": 0.16103,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-13151",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libtasn1-6",
              "version": "4.20.0-2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-13151",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "04ef2a4cf087de67",
        "name": "libtasn1-6",
        "version": "4.20.0-2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libtasn1-6",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libtasn1-6",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libtasn1-6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1-6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1_6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1_6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libtasn1-6@4.20.0-2?arch=amd64&distro=debian-13",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5435",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5435",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "metrics": {
              "baseScore": 7.3,
              "exploitabilityScore": 3.9,
              "impactScore": 3.4
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5435",
            "epss": 0.00049,
            "percentile": 0.15903,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5435",
            "cwe": "CWE-787",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.03626
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5435",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5435",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34033"
          ],
          "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 7.3,
                "exploitabilityScore": 3.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5435",
              "epss": 0.00049,
              "percentile": 0.15903,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5435",
              "cwe": "CWE-787",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5435",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42766",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42766",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption.  Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service.  The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined as OPTIONAL in the ASN.1 specification and may therefore be absent in specially crafted inputs. During the password-based CMS decryption the OpenSSL CMS implementation dereferences this field without first checking whether it was present.  An attacker who supplies such a CMS message to an application performing password-based CMS decryption can trigger an application crash, leading to a Denial of Service.  Applications that process password-encrypted CMS messages may be affected.  The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-42766",
            "epss": 0.00066,
            "percentile": 0.20727,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-42766",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-09",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6335-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6335-1"
          }
        ],
        "risk": 0.03597
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42766",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-42766",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/056d06c1918fafbb98c1c85a02e4c47cc4e199ce",
            "https://github.com/openssl/openssl/commit/12bc26ffb3a2be728c9b86e1cae277de5b33dfa4",
            "https://github.com/openssl/openssl/commit/3ff64913615d648cfbb6a6f1cf5529ae7ea829d7",
            "https://github.com/openssl/openssl/commit/ab52d88cb5374876d59aee3c91f9e4ccce2b7ce4",
            "https://github.com/openssl/openssl/commit/da26f368732b83e40e9d356fe61c3d3aaab6d2e8",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: A specially crafted password-encrypted CMS message\ncan trigger a NULL pointer dereference during CMS decryption.\n\nImpact summary: This NULL pointer dereference leads to an application crash\nand a Denial of Service.\n\nThe CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined as\nOPTIONAL in the ASN.1 specification and may therefore be absent in specially\ncrafted inputs. During the password-based CMS decryption the OpenSSL\nCMS implementation dereferences this field without first checking whether it\nwas present.\n\nAn attacker who supplies such a CMS message to an application performing\npassword-based CMS decryption can trigger an application crash, leading to\na Denial of Service.\n\nApplications that process password-encrypted CMS messages may be affected.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-42766",
              "epss": 0.00066,
              "percentile": 0.20727,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-42766",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42766",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-2236",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-2236",
            "epss": 0.00666,
            "percentile": 0.718,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-2236",
            "cwe": "CWE-385",
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0333
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-2236",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2024:9404",
            "https://access.redhat.com/errata/RHSA-2025:3530",
            "https://access.redhat.com/errata/RHSA-2025:3534",
            "https://access.redhat.com/security/cve/CVE-2024-2236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268268"
          ],
          "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-2236",
              "epss": 0.00666,
              "percentile": 0.718,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-2236",
              "cwe": "CWE-385",
              "source": "secalert@redhat.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libgcrypt20",
              "version": "1.11.0-7"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-2236",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5826072934743d2f",
        "name": "libgcrypt20",
        "version": "1.11.0-7",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgcrypt20",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libgcrypt20",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-34743",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-34743",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-34743",
            "epss": 0.00063,
            "percentile": 0.1996,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-34743",
            "cwe": "CWE-122",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.032445
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-34743",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-34743",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87",
            "https://github.com/tukaani-project/xz/releases/tag/v5.8.3",
            "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv",
            "http://www.openwall.com/lists/oss-security/2026/03/31/13"
          ],
          "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 1.7
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-34743",
              "epss": 0.00063,
              "percentile": 0.1996,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-34743",
              "cwe": "CWE-122",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "xz-utils",
              "version": "5.8.1-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-34743",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b2c2bc2cb57ca2ec",
        "name": "liblzma5",
        "version": "5.8.1-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/liblzma5",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/liblzma5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:liblzma5:liblzma5:5.8.1-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64&distro=debian-13&upstream=xz-utils",
        "upstreams": [
          {
            "name": "xz-utils"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42767",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42767",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application.  Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service.  An attacker controlling a CMP server (or acting as a man-in-the-middle) could craft a CMP response containing a CRMF (Certificate Request Message Format) CertRepMessage with an EncryptedValue structure where the symmAlg field has an algorithm OID but no parameters field. When the OpenSSL CMP client processes this response, the NULL dereference occurs, causing a crash of the CMP client.  Applications that process untrusted CMP/CRMF messages may be affected.  The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-42767",
            "epss": 0.00058,
            "percentile": 0.18649,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-42767",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-10",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.031610000000000006
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42767",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-42767",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/61a86a8cd73546c9fea916f3d304c1293e05c046",
            "https://github.com/openssl/openssl/commit/665d5254083affde9982efca7c41dd01cacc8774",
            "https://github.com/openssl/openssl/commit/810b722f772652ad48042bcc7ab07e3414b11d0f",
            "https://github.com/openssl/openssl/commit/b90ff3b1bd33b1c18e6a09936d097c2eddef8873",
            "https://github.com/openssl/openssl/commit/e6f912907fc2ec82a0fd07aae55172c5e5e3d90d",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: An attacker-controlled CMP (Certificate Management Protocol)\nserver could trigger a NULL pointer dereference in a CMP client application.\n\nImpact summary: A NULL pointer dereference causes a crash of the\napplication and a Denial of Service.\n\nAn attacker controlling a CMP server (or acting as a man-in-the-middle) could\ncraft a CMP response containing a CRMF (Certificate Request Message Format)\nCertRepMessage with an EncryptedValue structure where the symmAlg field\nhas an algorithm OID but no parameters field. When the OpenSSL CMP client\nprocesses this response, the NULL dereference occurs, causing a crash of\nthe CMP client.\n\nApplications that process untrusted CMP/CRMF messages may be affected.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-42767",
              "epss": 0.00058,
              "percentile": 0.18649,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-42767",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42767",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42764",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42764",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled.  Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial of Service.  If the address validation is disabled in the OpenSSL QUIC server implementation, an attacker can crash the server by sending an initial packet with an invalid or expired token.  By default, the client address validation is enabled in the OpenSSL QUIC server implementation, which makes the default configuration not vulnerable to this issue. However if the SSL_LISTENER_FLAG_NO_VALIDATE is used with the SSL_new_listener() call, the address validation is disabled making the vulnerable code reachable.  The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-42764",
            "epss": 0.00042,
            "percentile": 0.1311,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-42764",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-10",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.0315
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42764",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-42764",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/5e3ed291b8af0b03d5d3b9e56a1da69a187e9729",
            "https://github.com/openssl/openssl/commit/a45a0aba8095682c88ff4fc4a784892b8c6f0677",
            "https://github.com/openssl/openssl/commit/bf29a458c1a231eca87e384c62b9c2553fa57a91",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: Receiving a QUIC initial packet with an invalid token may\ntrigger a NULL pointer dereference in the OpenSSL QUIC server with\naddress validation disabled.\n\nImpact summary: NULL pointer dereference typically causes abnormal termination\nof the affected QUIC server process and a Denial of Service.\n\nIf the address validation is disabled in the OpenSSL QUIC server\nimplementation, an attacker can crash the server by sending an initial\npacket with an invalid or expired token.\n\nBy default, the client address validation is enabled in the OpenSSL QUIC server\nimplementation, which makes the default configuration not vulnerable\nto this issue. However if the SSL_LISTENER_FLAG_NO_VALIDATE is used with\nthe SSL_new_listener() call, the address validation is disabled making the\nvulnerable code reachable.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-42764",
              "epss": 0.00042,
              "percentile": 0.1311,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-42764",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42764",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-6829",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-6829",
            "epss": 0.00577,
            "percentile": 0.69395,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-6829",
            "cwe": "CWE-327",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02885
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-6829",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/weikengchen/attack-on-libgcrypt-elgamal",
            "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki",
            "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html",
            "https://www.oracle.com/security-alerts/cpujan2020.html"
          ],
          "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-6829",
              "epss": 0.00577,
              "percentile": 0.69395,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-6829",
              "cwe": "CWE-327",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libgcrypt20",
              "version": "1.11.0-7"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-6829",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5826072934743d2f",
        "name": "libgcrypt20",
        "version": "1.11.0-7",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgcrypt20",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libgcrypt20",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-34183",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-34183",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames.  Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QUIC client or server and a Denial of Service.  A remote peer may exhaust heap memory by flooding the local QUIC stack with PATH_CHALLENGE frames. The local QUIC stack allocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives. The allocated PATH_RESPONSE frame gets freed only when the remote peer acknowledges reception of the PATH_RESPONSE frame which will not be done by a malicious peer.  The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue. The QUIC stack is outside of OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-34183",
            "epss": 0.00038,
            "percentile": 0.11814,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-34183",
            "cwe": "CWE-1325",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-10",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.028499999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-34183",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-34183",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/5b306efb0b3779dfdd0803b4afc9d08c91f11517",
            "https://github.com/openssl/openssl/commit/7d06955ebe0ecf8adfd4c1e92018586da47ef9ac",
            "https://github.com/openssl/openssl/commit/d2e9efbe4900a373227deb136e8665401404ffac",
            "https://github.com/openssl/openssl/commit/fbaa83859c01ad64f497b757aaf51be7d05ed9eb",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: Remote peer may exhaust heap memory of the QUIC\nserver or client by flooding it with packets containing PATH_CHALLENGE\nframes.\n\nImpact summary: A malicious remote peer can cause an unbounded\nmemory allocation which can lead to an abnormal termination of the\napplication acting as a QUIC client or server and a Denial of Service.\n\nA remote peer may exhaust heap memory by flooding the local\nQUIC stack with PATH_CHALLENGE frames. The local QUIC stack\nallocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives.\nThe allocated PATH_RESPONSE frame gets freed only when the remote\npeer acknowledges reception of the PATH_RESPONSE frame which will\nnot be done by a malicious peer.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by\nthis issue. The QUIC stack is outside of OpenSSL FIPS module\nboundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-34183",
              "epss": 0.00038,
              "percentile": 0.11814,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-34183",
              "cwe": "CWE-1325",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-34183",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010024",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010024",
            "epss": 0.00509,
            "percentile": 0.6688,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-1010024",
            "cwe": "CWE-200",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02545
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010024",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.securityfocus.com/bid/109162",
            "https://security-tracker.debian.org/tracker/CVE-2019-1010024",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22852",
            "https://support.f5.com/csp/article/K06046097",
            "https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/CVE-2019-1010024"
          ],
          "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010024",
              "epss": 0.00509,
              "percentile": 0.6688,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-1010024",
              "cwe": "CWE-200",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010024",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3805",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3805",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3805",
            "epss": 0.0003,
            "percentile": 0.09093,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3805",
            "cwe": "CWE-416",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0225
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3805",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-3805.html",
            "https://curl.se/docs/CVE-2026-3805.json",
            "https://hackerone.com/reports/3591944",
            "http://www.openwall.com/lists/oss-security/2026/03/11/4"
          ],
          "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3805",
              "epss": 0.0003,
              "percentile": 0.09093,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3805",
              "cwe": "CWE-416",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3805",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5545",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5545",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials.  An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.3,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5545",
            "epss": 0.00039,
            "percentile": 0.12223,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5545",
            "cwe": "CWE-613",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.022424999999999997
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5545",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5545",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-5545.html",
            "https://curl.se/docs/CVE-2026-5545.json",
            "https://hackerone.com/reports/3642555"
          ],
          "description": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo an authenticated HTTP(S) request after a Negotiate-authenticated one, when\nboth use the same host.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials.\n\nAn application that first uses Negotiate authentication to a server with\n`user1:password1` and then does another operation to the same server asking\nfor any authentication method but for `user2:password2` (while the previous\nconnection is still alive) - the second request gets confused and wrongly\nreuses the same connection and sends the new request over that connection\nthinking it uses a mix of user1's and user2's credentials when it is in fact\nstill using the connection authenticated for user1...",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.3,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.3,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5545",
              "epss": 0.00039,
              "percentile": 0.12223,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5545",
              "cwe": "CWE-613",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5545",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-11850",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-11850",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read. The attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-11850",
            "epss": 0.00035,
            "percentile": 0.10684,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-11850",
            "cwe": "CWE-191",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.017499999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-11850",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-11850",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:25520",
            "https://access.redhat.com/security/cve/CVE-2026-11850",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2459970"
          ],
          "description": "An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read.\nThe attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 0.8,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-11850",
              "epss": 0.00035,
              "percentile": 0.10684,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-11850",
              "cwe": "CWE-191",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-11850",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-11850",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-11850",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read. The attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-11850",
            "epss": 0.00035,
            "percentile": 0.10684,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-11850",
            "cwe": "CWE-191",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.017499999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-11850",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-11850",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:25520",
            "https://access.redhat.com/security/cve/CVE-2026-11850",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2459970"
          ],
          "description": "An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read.\nThe attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 0.8,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-11850",
              "epss": 0.00035,
              "percentile": 0.10684,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-11850",
              "cwe": "CWE-191",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-11850",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-11850",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-11850",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read. The attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-11850",
            "epss": 0.00035,
            "percentile": 0.10684,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-11850",
            "cwe": "CWE-191",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.017499999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-11850",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-11850",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:25520",
            "https://access.redhat.com/security/cve/CVE-2026-11850",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2459970"
          ],
          "description": "An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read.\nThe attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 0.8,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-11850",
              "epss": 0.00035,
              "percentile": 0.10684,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-11850",
              "cwe": "CWE-191",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-11850",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-11850",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-11850",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read. The attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-11850",
            "epss": 0.00035,
            "percentile": 0.10684,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-11850",
            "cwe": "CWE-191",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.017499999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-11850",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-11850",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:25520",
            "https://access.redhat.com/security/cve/CVE-2026-11850",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2459970"
          ],
          "description": "An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read.\nThe attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 0.8,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-11850",
              "epss": 0.00035,
              "percentile": 0.10684,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-11850",
              "cwe": "CWE-191",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-11850",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6253",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6253",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "curl might erroneously pass on credentials for a first proxy to a second proxy.  This can happen when the following conditions are true:  1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow    a redirect to a URL using another scheme (say `https://`), accessed using a    second, different, proxy",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6253",
            "epss": 0.00032,
            "percentile": 0.09892,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6253",
            "cwe": "CWE-522",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.017440000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6253",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6253",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-6253.html",
            "https://curl.se/docs/CVE-2026-6253.json",
            "https://hackerone.com/reports/3669637",
            "http://www.openwall.com/lists/oss-security/2026/04/29/11"
          ],
          "description": "curl might erroneously pass on credentials for a first proxy to a second\nproxy.\n\nThis can happen when the following conditions are true:\n\n1. curl is setup to use specific different proxies for different URL schemes\n2. the first proxy needs credentials\n3. the second proxy uses no credentials\n4. while using the first proxy (using say `http://`), curl is asked to follow\n   a redirect to a URL using another scheme (say `https://`), accessed using a\n   second, different, proxy",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6253",
              "epss": 0.00032,
              "percentile": 0.09892,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6253",
              "cwe": "CWE-522",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6253",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3784",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3784",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3784",
            "epss": 0.00029,
            "percentile": 0.08706,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3784",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.016675
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3784",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3784.html",
            "https://curl.se/docs/CVE-2026-3784.json",
            "https://hackerone.com/reports/3584903",
            "http://www.openwall.com/lists/oss-security/2026/03/11/3",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          ],
          "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3784",
              "epss": 0.00029,
              "percentile": 0.08706,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3784",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3784",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5773",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5773",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should.  This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5773",
            "epss": 0.00021,
            "percentile": 0.05947,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5773",
            "cwe": "CWE-918",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.01575
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5773",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5773",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-5773.html",
            "https://curl.se/docs/CVE-2026-5773.json",
            "https://hackerone.com/reports/3650689",
            "http://www.openwall.com/lists/oss-security/2026/04/29/9"
          ],
          "description": "libcurl might in some circumstances reuse the wrong connection for SMB(S)\ntransfers.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a network transfer operation that was requested by an\napplication could wrongfully reuse an existing SMB connection to the same\nserver that was using a different 'share' than the new subsequent transfer\nshould.\n\nThis could in unlucky situations lead to the download of the wrong file or the\nupload of a file to the wrong place. When this happens, the same credentials\nare used and the server name is the same.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5773",
              "epss": 0.00021,
              "percentile": 0.05947,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5773",
              "cwe": "CWE-918",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5773",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2010-4756",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2010-4756",
            "epss": 0.00313,
            "percentile": 0.55031,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2010-4756",
            "cwe": "CWE-399",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01565
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2010-4756",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://cxib.net/stuff/glob-0day.c",
            "http://securityreason.com/achievement_securityalert/89",
            "http://securityreason.com/exploitalert/9223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=681681",
            "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756",
            "https://security.netapp.com/advisory/ntap-20241108-0002/"
          ],
          "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 8,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2010-4756",
              "epss": 0.00313,
              "percentile": 0.55031,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2010-4756",
              "cwe": "CWE-399",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2010-4756",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14819",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "When doing TLS related transfers with reused easy or multi handles and altering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14819",
            "epss": 0.00029,
            "percentile": 0.08898,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14819",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.014935
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14819",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14819.html",
            "https://curl.se/docs/CVE-2025-14819.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/5"
          ],
          "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14819",
              "epss": 0.00029,
              "percentile": 0.08898,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14819",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14819",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010023",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010023",
            "epss": 0.00293,
            "percentile": 0.53117,
            "date": "2026-06-14"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.014650000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010023",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://www.securityfocus.com/bid/109167",
            "https://security-tracker.debian.org/tracker/CVE-2019-1010023",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22851",
            "https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/CVE-2019-1010023"
          ],
          "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "metrics": {
                "baseScore": 6.8,
                "exploitabilityScore": 8.6,
                "impactScore": 6.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010023",
              "epss": 0.00293,
              "percentile": 0.53117,
              "date": "2026-06-14"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010023",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3783",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3783",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.  If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3783",
            "epss": 0.00028,
            "percentile": 0.08617,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3783",
            "cwe": "CWE-522",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.014419999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3783",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3783.html",
            "https://curl.se/docs/CVE-2026-3783.json",
            "https://hackerone.com/reports/3583983",
            "http://www.openwall.com/lists/oss-security/2026/03/11/2"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3783",
              "epss": 0.00028,
              "percentile": 0.08617,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3783",
              "cwe": "CWE-522",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3783",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-45445",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-45445",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded.  Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV supplied by the caller, resulting in (key, nonce) reuse and loss of confidentiality.  If the same code path is used to compute the authentication tag, the tag depends only on the (key, IV) pair and not on the plaintext or ciphertext, allowing universal forgery of arbitrary ciphertext from a single captured message.  OpenSSL provides two ways to drive a cipher: the documented streaming interface (EVP_CipherUpdate / EVP_CipherFinal_ex) and a lower-level one-shot, EVP_Cipher(), whose documentation explicitly recommends against use by applications in favour of EVP_CipherUpdate() and EVP_CipherFinal_ex().  The OCB provider's streaming handler flushes the application-supplied IV into the OCB context before processing data; the one-shot handler did not.  Every call to EVP_Cipher() on an AES-OCB context therefore ran with the all-zero key-derived offset state left by cipher initialisation, regardless of the caller's IV.  If EVP_EncryptFinal_ex() is subsequently used to obtain the authentication tag, the deferred IV setup runs at that point and clears the running checksum that should have been accumulated over the plaintext.  The resulting tag is a function of (key, IV) only and verifies against any ciphertext produced under the same (key, IV) pair.  The OpenSSL SSL/TLS implementation is not affected: AES-OCB is not a TLS cipher suite, and libssl does not call EVP_Cipher() in any case. Applications that drive AES-OCB through the documented streaming AEAD API (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected.  Only applications that combine the AES-OCB cipher with the EVP_Cipher() one-shot API are vulnerable.  The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as AES-OCB is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-45445",
            "epss": 0.00017,
            "percentile": 0.04386,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-45445",
            "cwe": "CWE-325",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-09",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6335-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6335-1"
          }
        ],
        "risk": 0.012750000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-45445",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-45445",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/323f0b6e7d530a4cb4336d50c88cb70f3ac2a451",
            "https://github.com/openssl/openssl/commit/787a6dfba81b7b09c1e05ab31396c0cd7c36b3f7",
            "https://github.com/openssl/openssl/commit/7ac4715234ee72d9f3c93426a2c08554b5b771af",
            "https://github.com/openssl/openssl/commit/843c9b94ca9c2ed248bb30127bb4f3d7af0d607c",
            "https://github.com/openssl/openssl/commit/983d54b5cce8d16147548ed1a37892d1720bbab6",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: When an application drives an AES-OCB context through the\npublic EVP_Cipher() one-shot interface, the application-supplied\ninitialisation vector (IV) is silently discarded.\n\nImpact summary: Every message encrypted under the same key uses the\nsame effective nonce regardless of the IV supplied by the caller,\nresulting in (key, nonce) reuse and loss of confidentiality.  If the\nsame code path is used to compute the authentication tag, the tag\ndepends only on the (key, IV) pair and not on the plaintext or\nciphertext, allowing universal forgery of arbitrary ciphertext from a\nsingle captured message.\n\nOpenSSL provides two ways to drive a cipher: the documented streaming\ninterface (EVP_CipherUpdate / EVP_CipherFinal_ex) and a lower-level\none-shot, EVP_Cipher(), whose documentation explicitly recommends\nagainst use by applications in favour of EVP_CipherUpdate() and\nEVP_CipherFinal_ex().  The OCB provider's streaming handler flushes\nthe application-supplied IV into the OCB context before processing\ndata; the one-shot handler did not.  Every call to EVP_Cipher() on an\nAES-OCB context therefore ran with the all-zero key-derived offset\nstate left by cipher initialisation, regardless of the caller's IV.\n\nIf EVP_EncryptFinal_ex() is subsequently used to obtain the\nauthentication tag, the deferred IV setup runs at that point and\nclears the running checksum that should have been accumulated over the\nplaintext.  The resulting tag is a function of (key, IV) only and\nverifies against any ciphertext produced under the same (key, IV)\npair.\n\nThe OpenSSL SSL/TLS implementation is not affected: AES-OCB is not a\nTLS cipher suite, and libssl does not call EVP_Cipher() in any case.\nApplications that drive AES-OCB through the documented streaming AEAD\nAPI (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected.  Only\napplications that combine the AES-OCB cipher with the EVP_Cipher()\none-shot API are vulnerable.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\nthis issue, as AES-OCB is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-45445",
              "epss": 0.00017,
              "percentile": 0.04386,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-45445",
              "cwe": "CWE-325",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-45445",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.48655,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.48655,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.48655,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.48655,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.48655,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.48655,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.48655,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.48655,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6429",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6429",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6429",
            "epss": 0.00024,
            "percentile": 0.07127,
            "date": "2026-06-14"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.01236
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6429",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6429",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-6429.html",
            "https://curl.se/docs/CVE-2026-6429.json",
            "https://hackerone.com/reports/3677759"
          ],
          "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, libcurl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6429",
              "epss": 0.00024,
              "percentile": 0.07127,
              "date": "2026-06-14"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6429",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14524",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14524",
            "epss": 0.00022,
            "percentile": 0.06581,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14524",
            "cwe": "CWE-601",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.01133
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14524",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14524.html",
            "https://curl.se/docs/CVE-2025-14524.json",
            "https://hackerone.com/reports/3459417",
            "http://www.openwall.com/lists/oss-security/2026/01/07/4"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14524",
              "epss": 0.00022,
              "percentile": 0.06581,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14524",
              "cwe": "CWE-601",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14524",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2020-15719",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2020-15719",
            "epss": 0.00216,
            "percentile": 0.44326,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2020-15719",
            "cwe": "CWE-295",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0108
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2020-15719",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html",
            "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html",
            "https://access.redhat.com/errata/RHBA-2019:3674",
            "https://bugs.openldap.org/show_bug.cgi?id=9266",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1740070",
            "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
            "https://www.oracle.com/security-alerts/cpuapr2022.html"
          ],
          "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 4.2,
                "exploitabilityScore": 1.7,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 5,
                "impactScore": 5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2020-15719",
              "epss": 0.00216,
              "percentile": 0.44326,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2020-15719",
              "cwe": "CWE-295",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openldap",
              "version": "2.6.10+dfsg-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2020-15719",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "46230cf5226e2e82",
        "name": "libldap2",
        "version": "2.6.10+dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libldap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6276",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6276",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6276",
            "epss": 0.00014,
            "percentile": 0.02607,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6276",
            "cwe": "CWE-319",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.010499999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6276",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6276",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-6276.html",
            "https://curl.se/docs/CVE-2026-6276.json",
            "https://hackerone.com/reports/3671818",
            "http://www.openwall.com/lists/oss-security/2026/04/29/13"
          ],
          "description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6276",
              "epss": 0.00014,
              "percentile": 0.02607,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6276",
              "cwe": "CWE-319",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6276",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31437",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31437",
            "epss": 0.00187,
            "percentile": 0.40556,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009349999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31437",
              "epss": 0.00187,
              "percentile": 0.40556,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.13-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4535fe0ddd8868bf",
        "name": "libsystemd0",
        "version": "257.13-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.13-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31437",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31437",
            "epss": 0.00187,
            "percentile": 0.40556,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009349999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31437",
              "epss": 0.00187,
              "percentile": 0.40556,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.13-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f32141b2e65d8b82",
        "name": "systemd",
        "version": "257.13-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.13-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.13-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6238",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6238",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.  These functions are for application debugging only and hence not in the path of code executed by the DNS resolver.  Further, they have been deprecated since version 2.34 and should not be used by any new applications.  Applications should consider porting away from these interfaces since they may be removed in future versions.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6238",
            "epss": 0.00016,
            "percentile": 0.03834,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6238",
            "cwe": "CWE-126",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0092
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6238",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6238",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34069"
          ],
          "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver.  Further, they have been deprecated since version 2.34 and should not be used by any new applications.  Applications should consider porting away from these interfaces since they may be removed in future versions.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6238",
              "epss": 0.00016,
              "percentile": 0.03834,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6238",
              "cwe": "CWE-126",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6238",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4873",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4873",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmits data unencrypted.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4873",
            "epss": 0.00015,
            "percentile": 0.031,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4873",
            "cwe": "CWE-295",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2026-4873",
            "cwe": "CWE-319",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.008175
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4873",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4873",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-4873.html",
            "https://curl.se/docs/CVE-2026-4873.json",
            "https://hackerone.com/reports/3621851",
            "http://www.openwall.com/lists/oss-security/2026/04/29/7"
          ],
          "description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an\nexisting unencrypted connection from the same connection pool. If an initial\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\nto that same host bypasses the TLS requirement and instead transmits data\nunencrypted.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4873",
              "epss": 0.00015,
              "percentile": 0.031,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4873",
              "cwe": "CWE-295",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2026-4873",
              "cwe": "CWE-319",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4873",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2017-14159",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2017-14159",
            "epss": 0.00158,
            "percentile": 0.3667,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2017-14159",
            "cwe": "CWE-665",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0079
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2017-14159",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.openldap.org/its/index.cgi?findid=8703",
            "https://www.oracle.com/security-alerts/cpuapr2022.html"
          ],
          "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.9,
                "exploitabilityScore": 3.4,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2017-14159",
              "epss": 0.00158,
              "percentile": 0.3667,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2017-14159",
              "cwe": "CWE-665",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openldap",
              "version": "2.6.10+dfsg-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2017-14159",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "46230cf5226e2e82",
        "name": "libldap2",
        "version": "2.6.10+dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libldap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31438",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31438",
            "epss": 0.00154,
            "percentile": 0.36108,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31438",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0077
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28886",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31438",
              "epss": 0.00154,
              "percentile": 0.36108,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31438",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.13-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4535fe0ddd8868bf",
        "name": "libsystemd0",
        "version": "257.13-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.13-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31438",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31438",
            "epss": 0.00154,
            "percentile": 0.36108,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31438",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0077
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28886",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31438",
              "epss": 0.00154,
              "percentile": 0.36108,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31438",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.13-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f32141b2e65d8b82",
        "name": "systemd",
        "version": "257.13-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.13-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.13-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010022",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010022",
            "epss": 0.0015,
            "percentile": 0.35531,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-1010022",
            "cwe": "CWE-119",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007500000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010022",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://security-tracker.debian.org/tracker/CVE-2019-1010022",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22850",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3",
            "https://ubuntu.com/security/CVE-2019-1010022"
          ],
          "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 10,
                "impactScore": 6.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010022",
              "epss": 0.0015,
              "percentile": 0.35531,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-1010022",
              "cwe": "CWE-119",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010022",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "60ad05465b379abb",
        "name": "libc6",
        "version": "2.41-12+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31439",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31439",
            "epss": 0.00138,
            "percentile": 0.33683,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31439",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0069
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31439",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28885",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31439",
              "epss": 0.00138,
              "percentile": 0.33683,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31439",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.13-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31439",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4535fe0ddd8868bf",
        "name": "libsystemd0",
        "version": "257.13-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.13-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31439",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31439",
            "epss": 0.00138,
            "percentile": 0.33683,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31439",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0069
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31439",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28885",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31439",
              "epss": 0.00138,
              "percentile": 0.33683,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31439",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.13-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31439",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f32141b2e65d8b82",
        "name": "systemd",
        "version": "257.13-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.13-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.13-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-45446",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-45446",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such messages.  Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's application using these ciphers.  AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) are nonce-misuse-resistant AEAD modes: they accept a key, nonce, optional AAD (bytes that are authenticated but not encrypted), and plaintext, and produces ciphertext plus a 16-byte tag. On decrypt, `EVP_DecryptFinal_ex()` is documented to return success only if the tag is verified succesfully.  In OpenSSL's provider implementation of these ciphers, the expected tag is computed only when decryption function is invoked with non-empty data. If the caller supplies AAD and then calls `EVP_DecryptFinal_ex()` without invocation of the ciphertext update, which can happen when the received ciphertext length is zero, the tag is never recalculated and still holds its all-zeros value.  When AES-GCM-SIV is used, an attacker who sends arbitrary AAD, empty ciphertext, and all-zeros tag passes authentication under any key they do not know, single-shot. When AES-SIV is used, for mounting the attack it's necessary for the application to reuse the decryption context without resetting the key.  AES-SIV is implemented since OpenSSL 3.0. AES-GCM-SIV is implemented since OpenSSL 3.2.  No protocols implemented in OpenSSL itself (TLS/CMS/PKCS7/HPKE/QUIC) support either AES-GCM-SIV or AES-SIV. To mount an attack, the applications must implement their own protocol and use the EVP interface. Also they must skip the ciphertext update when a message with an empty ciphertext arrives.  The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as these algorithms are not FIPS approved and the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 4.8,
              "exploitabilityScore": 2.3,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-45446",
            "epss": 0.00012,
            "percentile": 0.01613,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-45446",
            "cwe": "CWE-325",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-09",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6335-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6335-1"
          }
        ],
        "risk": 0.00588
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-45446",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-45446",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/25b32cd9d41d2bc01b6abc425bb4baf2c2236fdc",
            "https://github.com/openssl/openssl/commit/71e2a5d263518cf5866043bd60ee4994d59e53a3",
            "https://github.com/openssl/openssl/commit/7fe3f33a3b3a4c487aa4dcdbc87057f66ffd2b85",
            "https://github.com/openssl/openssl/commit/daca0f48e4a69a2892a62262bad59e62a8a76598",
            "https://github.com/openssl/openssl/commit/eec5e9bf0d867333b8495e456f5235d225798a68",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV\n(RFC 8452) mishandle the authentication of AAD (Additional Authenticated\nData) with an empty ciphertext allowing a forgery of such messages.\n\nImpact summary: An attacker can forge empty messages with arbitrary AAD\nto the victim's application using these ciphers.\n\nAES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) are nonce-misuse-resistant AEAD\nmodes: they accept a key, nonce, optional AAD (bytes that are authenticated\nbut not encrypted), and plaintext, and produces ciphertext plus a 16-byte\ntag. On decrypt, `EVP_DecryptFinal_ex()` is documented to return success only\nif the tag is verified succesfully.\n\nIn OpenSSL's provider implementation of these ciphers, the expected tag is\ncomputed only when decryption function is invoked with non-empty data.\nIf the caller supplies AAD and then calls `EVP_DecryptFinal_ex()` without\ninvocation of the ciphertext update, which can happen when the received\nciphertext length is zero, the tag is never recalculated and still holds its\nall-zeros value.\n\nWhen AES-GCM-SIV is used, an attacker who sends arbitrary AAD, empty\nciphertext, and all-zeros tag passes authentication under any key they do not\nknow, single-shot. When AES-SIV is used, for mounting the attack it's\nnecessary for the application to reuse the decryption context without\nresetting the key.\n\nAES-SIV is implemented since OpenSSL 3.0. AES-GCM-SIV is implemented since\nOpenSSL 3.2.\n\nNo protocols implemented in OpenSSL itself (TLS/CMS/PKCS7/HPKE/QUIC) support\neither AES-GCM-SIV or AES-SIV. To mount an attack, the applications must\nimplement their own protocol and use the EVP interface. Also they must skip the\nciphertext update when a message with an empty ciphertext arrives.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as these algorithms are not FIPS approved and the affected code is\noutside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 4.8,
                "exploitabilityScore": 2.3,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-45446",
              "epss": 0.00012,
              "percentile": 0.01613,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-45446",
              "cwe": "CWE-325",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-45446",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27171",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27171",
            "epss": 0.00009,
            "percentile": 0.00876,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27171",
            "cwe": "CWE-1284",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.004725
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27171",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/",
            "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf",
            "https://github.com/madler/zlib/issues/904",
            "https://github.com/madler/zlib/releases/tag/v1.3.2",
            "https://ostif.org/zlib-audit-complete/"
          ],
          "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27171",
              "epss": 0.00009,
              "percentile": 0.00876,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27171",
              "cwe": "CWE-1284",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "zlib",
              "version": "1:1.3.dfsg+really1.3.1-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27171",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "9624b8abfaf8a472",
        "name": "zlib1g",
        "version": "1:1.3.dfsg+really1.3.1-1+b1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/zlib1g",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/zlib1g",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/zlib1g/copyright",
            "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0",
            "accessPath": "/usr/share/doc/zlib1g/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/zlib1g.md5sums",
            "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0",
            "accessPath": "/var/lib/dpkg/status.d/zlib1g.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Zlib"
        ],
        "cpes": [
          "cpe:2.3:a:zlib1g:zlib1g:1\\:1.3.dfsg\\+really1.3.1-1\\+b1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/zlib1g@1%3A1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64&distro=debian-13&upstream=zlib%401%3A1.3.dfsg%2Breally1.3.1-1",
        "upstreams": [
          {
            "name": "zlib",
            "version": "1:1.3.dfsg+really1.3.1-1"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-34182",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-34182",
        "namespace": "debian:distro:debian:13",
        "severity": "Critical",
        "urls": [],
        "description": "Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises.  Impact Summary: Attackers making use of these vulnerabilities may achieve key-equivalent functionality for a given CMS recipient and/or bypass integrity validation for a given message.  In one use case, an attacker may send a CMS message containing AuthEnvelopedData with the cipher specified as a non-AEAD cipher.  OpenSSL erroneously allows this selection, and attempts to decrypt and validate the message.  An on-path attacker who captures one legitimate AES-GCM AuthEnvelopedData addressed to the victim can re-emit it with the recipientInfos set left byte-for-byte intact, so the victim's private key still unwraps the genuine CEK (the content-encryption key), but with the inner OID rewritten to AES-256-OFB (Output Feedback Mode, an unauthenticated keystream mode) and with an attacker-chosen IV and ciphertext. The victim initializes AES-256-OFB under the real CEK, never consults the MAC field, and CMS_decrypt() returns success.  If the application under attack responds to the attacker with any indicator showing success or failure of the decryption effort, it is possible for the attacker to use this as an oracle to obtain key equivalent functionality for the CEK used for the chosen recipient of the message.  In another use case, an attacker can reduce the tag length of the chosen AEAD cipher for a given AuthEnvelopedData container to be a single byte long, allowing an attacker to brute force CMS decryption, producing an integrity bypass for applications that trust CMS_decrypt() to reject modified content.  The FIPS modules are not affected by this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 9.1,
              "exploitabilityScore": 3.9,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-34182",
            "epss": 0.00005,
            "percentile": 0.00231,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-34182",
            "cwe": "CWE-354",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-09",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6335-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6335-1"
          }
        ],
        "risk": 0.004525
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-34182",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-34182",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://github.com/openssl/openssl/commit/03c1f4d45fb963aee7d5833390c507cd290182bc",
            "https://github.com/openssl/openssl/commit/439ed7d2c0962ce964482727264668bf277c333f",
            "https://github.com/openssl/openssl/commit/7947e6a81eb8776802f159fb6762cb7fcf7e34c7",
            "https://github.com/openssl/openssl/commit/9fd97f8cfdc2c0be214998de3b2b55c8edf6c7ac",
            "https://github.com/openssl/openssl/commit/d2ca86bcd43e4f17d899f347101766b6107676e0",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue Summary: Cryptographic Message Services (CMS) processing fails to perform\nsufficient input validation on the cipher and tag length fields of\nAuthEnvelopedData containers, leading to various potential compromises.\n\nImpact Summary: Attackers making use of these vulnerabilities may achieve\nkey-equivalent functionality for a given CMS recipient and/or bypass integrity\nvalidation for a given message.\n\nIn one use case, an attacker may send a CMS message containing\nAuthEnvelopedData with the cipher specified as a non-AEAD cipher.  OpenSSL\nerroneously allows this selection, and attempts to decrypt and validate the\nmessage.\n\nAn on-path attacker who captures one legitimate AES-GCM AuthEnvelopedData\naddressed to the victim can re-emit it with the recipientInfos set left\nbyte-for-byte intact, so the victim's private key still unwraps the genuine CEK\n(the content-encryption key), but with the inner OID rewritten to AES-256-OFB\n(Output Feedback Mode, an unauthenticated keystream mode) and with an\nattacker-chosen IV and ciphertext. The victim initializes AES-256-OFB under the\nreal CEK, never consults the MAC field, and CMS_decrypt() returns success.\n\nIf the application under attack responds to the attacker with any indicator\nshowing success or failure of the decryption effort, it is possible for the\nattacker to use this as an oracle to obtain key equivalent functionality for the\nCEK used for the chosen recipient of the message.\n\nIn another use case, an attacker can reduce the tag length of the chosen AEAD\ncipher for a given AuthEnvelopedData container to be a single byte long,\nallowing an attacker to brute force CMS decryption, producing an integrity\nbypass for applications that trust CMS_decrypt() to reject modified content.\n\nThe FIPS modules are not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 9.1,
                "exploitabilityScore": 3.9,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-34182",
              "epss": 0.00005,
              "percentile": 0.00231,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-34182",
              "cwe": "CWE-354",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-34182",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-41989",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-41989",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 1.5,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-41989",
            "epss": 0.00007,
            "percentile": 0.00581,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-41989",
            "cwe": "CWE-787",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "1.11.0-7+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1.11.0-7+deb13u1",
              "date": "2026-05-22",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6294-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6294-1"
          }
        ],
        "risk": 0.004095
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-41989",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-41989",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://dev.gnupg.org/T8211",
            "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html",
            "https://www.openwall.com/lists/oss-security/2026/04/21/1"
          ],
          "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 1.5,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-41989",
              "epss": 0.00007,
              "percentile": 0.00581,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-41989",
              "cwe": "CWE-787",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libgcrypt20",
              "version": "1.11.0-7"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-41989",
            "versionConstraint": "< 1.11.0-7+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1.11.0-7+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "5826072934743d2f",
        "name": "libgcrypt20",
        "version": "1.11.0-7",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgcrypt20",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libgcrypt20",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00081,
            "percentile": 0.24139,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00405
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00081,
              "percentile": 0.24139,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00081,
            "percentile": 0.24139,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00405
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00081,
              "percentile": 0.24139,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00081,
            "percentile": 0.24139,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00405
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00081,
              "percentile": 0.24139,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00081,
            "percentile": 0.24139,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00405
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00081,
              "percentile": 0.24139,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42769",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42769",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to the root Certification Authority (root CA) level.  Impact Summary: The Registration Authority could replace the root CA certificate for the CMP clients with an arbitrary root CA certificate.  One of the parts of the Certificate Management Protocol (CMP), specified in RFC 9810, is Root Certification Authority (root CA) key Rollover, which is sent by the server in a message with type 'id-it-rootCaKeyUpdate'. As part of these messages, 'newWithOld' certificate, the new root CA certificate signed with the old root CA key, is provided, and verifying its signature is crucial for transferring the trust from the old CA key to the new one.  The 'id-it-rootCaKeyUpdate' messages are expected to be processed with OSSL_CMP_get1_rootCaKeyUpdate(), that is expected to verify the 'newWithOld' certificate.  A typo in the certificate chain building code led to adding an incorrect certificate ('newWithOld' instead of 'oldRoot') to the certificate chain, rendering the certificate verification process ineffectual (only the issuer name and the algorithm OIDs were verified by other parts of the verification code).  An attacker who already has credentials that satisfy the CMP message protection checks can generate a new key pair and use a crafted self-signed certificate in its 'id-it-rootCaKeyUpdate' CMP messages which affected CMP clients would accept as a new trust anchor.  Significant preconditions for the attack (having valid RA-level credentials) are the reason the issue was assigned Low severity.  The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-42769",
            "epss": 0.00007,
            "percentile": 0.00591,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-42769",
            "cwe": "CWE-295",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-10",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.0036049999999999997
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42769",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-42769",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/54d0989997e5fc26057009a9782c3441ce3842fb",
            "https://github.com/openssl/openssl/commit/777b363b16fcf2153bb3ded39dc3838713667c44",
            "https://github.com/openssl/openssl/commit/d35cd473a271bf3ce7bf3d32af53217fb83ae92c",
            "https://github.com/openssl/openssl/commit/d531f21c0fe99067a66fc0ff1161ef127f9cd70b",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue Summary: An error in the callback used to verify the certificate\nprovided in a Root CA key update Certificate Management Protocol (CMP)\nmessage response rendered the certificate validation ineffectual, which\ncould lead to escalation of credentials from the Registration Authority (RA)\nlevel to the root Certification Authority (root CA) level.\n\nImpact Summary: The Registration Authority could replace the root CA\ncertificate for the CMP clients with an arbitrary root CA certificate.\n\nOne of the parts of the Certificate Management Protocol (CMP), specified in\nRFC 9810, is Root Certification Authority (root CA) key Rollover,\nwhich is sent by the server in a message with type 'id-it-rootCaKeyUpdate'.\nAs part of these messages, 'newWithOld' certificate, the new root CA\ncertificate signed with the old root CA key, is provided, and verifying its\nsignature is crucial for transferring the trust from the old CA key to the\nnew one.\n\nThe 'id-it-rootCaKeyUpdate' messages are expected to be processed with\nOSSL_CMP_get1_rootCaKeyUpdate(), that is expected to verify the 'newWithOld'\ncertificate.  A typo in the certificate chain building code led to adding\nan incorrect certificate ('newWithOld' instead of 'oldRoot') to the\ncertificate chain, rendering the certificate verification process ineffectual\n(only the issuer name and the algorithm OIDs were verified by other parts\nof the verification code).\n\nAn attacker who already has credentials that satisfy the CMP message\nprotection checks can generate a new key pair and use a crafted self-signed\ncertificate in its 'id-it-rootCaKeyUpdate' CMP messages which affected CMP\nclients would accept as a new trust anchor.\n\nSignificant preconditions for the attack (having valid RA-level credentials)\nare the reason the issue was assigned Low severity.\n\nThe FIPS modules are not affected by this issue, as the affected code is\noutside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-42769",
              "epss": 0.00007,
              "percentile": 0.00591,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-42769",
              "cwe": "CWE-295",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42769",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15224",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-15224",
            "epss": 0.00064,
            "percentile": 0.20389,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15224",
            "cwe": "CWE-287",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0032000000000000006
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15224",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2025-15224.html",
            "https://curl.se/docs/CVE-2025-15224.json",
            "https://hackerone.com/reports/3480925",
            "http://www.openwall.com/lists/oss-security/2026/01/07/7"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.1,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15224",
              "epss": 0.00064,
              "percentile": 0.20389,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15224",
              "cwe": "CWE-287",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15224",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42768",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42768",
        "namespace": "debian:distro:debian:13",
        "severity": "Low",
        "urls": [],
        "description": "Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output.  Impact summary: The Bleichenbacher-style attack allows an attacker to use the victim's vulnerable application as a way to decrypt or sign messages with the victim's private RSA key.  The attack is possible in 2 variants.  1. The decryption API (CMS_decrypt(), PKCS7_decrypt()) is used without providing the recipient certificate. In this case OpenSSL iterates over every KeyTransRecipientInfo (KTRI) without stopping at the first success.  An attacker who authors a message with two KTRI entries — the first one wrapping a real CEK under the victim's public key, the second with an arbitrary probe ciphertext — obtains opportunity to iterate the 2nd KTRI to get a valid PKCS#1 v1.5 padding if the error code of the application is available.  That is a Bleichenbacher oracle (Bleichenbacher, CRYPTO '98): an adaptive-chosen-ciphertext side channel from which the attacker decrypts any RSA ciphertext to the victim's key or forges any PKCS#1 v1.5 signature under it.  2. When the decryption API (CMS_decrypt(), PKCS7_decrypt()) is provided with the recipient certificate, and the recipient is not found, a random key is substituted.  An attacker who authors a message and is able to compare both error code and the result of the decryption, can mount a Bleichenbacher oracle.  We are not aware of any applications that provide a remote attacker an opportunity to mount an attack described in these scenarios. We consider the existence of such application very unlikely, and for this reason this CVE has been evaluated as Low severity.  To avoid these attacks, when RSA PKCS#1 v1.5 Key Transport is in use, the invoked EVP_PKEY_decrypt() will use the implicit rejection mechanism described in draft-irtf-cfrg-rsa-guidance. In previous OpenSSL releases the implicit rejection was explicitly disabled.  The implicit rejection mechanism always returns a plaintext value, the symmetric key. This result is deterministic for the ciphertext and the private key.  The length of the decryption result can happen to match the length of the key of the symmetric cipher that was used for the content encryption. When a certificate is not provided, the last RecipientInfo producing a key that looks valid will be used. It may cause getting garbage content on decryption. As a proper way to deal with this a recipient certificate has to be provided to identify the particular RecipientInfo for decryption.  The FIPS modules in 4.0, 3.6, 3.5, and 3.4 are not affected by this issue, as CMS and S/MIME processing happens outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-42768",
            "epss": 0.00009,
            "percentile": 0.00975,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-42768",
            "cwe": "CWE-514",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-10",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.003015
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42768",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-42768",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://github.com/openssl/openssl/commit/a2ca7b2d73e0ffc1eae183fe6e1741dac767cb4f",
            "https://github.com/openssl/openssl/commit/bbb151a83041705d9d001ed2f9c12f5523e1b54d",
            "https://github.com/openssl/openssl/commit/dd68364107a58841c0a2546812518b65d3a23abd",
            "https://github.com/openssl/openssl/commit/f04b377be3d821741c86d1f4bf84dee09f3d5c3e",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to\nBleichenbacher-style attack when an attacker is able to provide the CMS or\nS/MIME messages and observe the error code and/or decryption output.\n\nImpact summary: The Bleichenbacher-style attack allows an attacker to use the\nvictim's vulnerable application as a way to decrypt or sign messages with the\nvictim's private RSA key.\n\nThe attack is possible in 2 variants.\n\n1. The decryption API (CMS_decrypt(), PKCS7_decrypt()) is used without\nproviding the recipient certificate. In this case OpenSSL iterates over every\nKeyTransRecipientInfo (KTRI) without stopping at the first success.\n\nAn attacker who authors a message with two KTRI entries — the first one\nwrapping a real CEK under the victim's public key, the second with an\narbitrary probe ciphertext — obtains opportunity to iterate the 2nd KTRI to\nget a valid PKCS#1 v1.5 padding if the error code of the application is\navailable.\n\nThat is a Bleichenbacher oracle (Bleichenbacher, CRYPTO '98): an\nadaptive-chosen-ciphertext side channel from which the attacker decrypts any\nRSA ciphertext to the victim's key or forges any PKCS#1 v1.5 signature under\nit.\n\n2. When the decryption API (CMS_decrypt(), PKCS7_decrypt()) is provided with\nthe recipient certificate, and the recipient is not found, a random\nkey is substituted.\n\nAn attacker who authors a message and is able to compare both error code and\nthe result of the decryption, can mount a Bleichenbacher oracle.\n\nWe are not aware of any applications that provide a remote attacker\nan opportunity to mount an attack described in these scenarios. We consider\nthe existence of such application very unlikely, and for this reason this\nCVE has been evaluated as Low severity.\n\nTo avoid these attacks, when RSA PKCS#1 v1.5 Key Transport is in use, the\ninvoked EVP_PKEY_decrypt() will use the implicit rejection mechanism described\nin draft-irtf-cfrg-rsa-guidance. In previous OpenSSL releases the implicit\nrejection was explicitly disabled.\n\nThe implicit rejection mechanism always returns a plaintext value,\nthe symmetric key. This result is deterministic for the ciphertext and the\nprivate key.  The length of the decryption result can happen to match the\nlength of the key of the symmetric cipher that was used for the content\nencryption. When a certificate is not provided, the last RecipientInfo\nproducing a key that looks valid will be used. It may cause getting garbage\ncontent on decryption. As a proper way to deal with this a recipient\ncertificate has to be provided to identify the particular RecipientInfo for\ndecryption.\n\nThe FIPS modules in 4.0, 3.6, 3.5, and 3.4 are not affected by this issue, as\nCMS and S/MIME processing happens outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-42768",
              "epss": 0.00009,
              "percentile": 0.00975,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-42768",
              "cwe": "CWE-514",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42768",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-34181",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-34181",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing a certificate and private key forgery.  Impact Summary: An attacker impersonating a user can cause a service reading PKCS#12 files to accept forged certificates and private keys with a 1 in 256 probability.  If a service accepting PKCS#12 files is using passwords for authenticating the received files, the attacker can create unencrypted PKCS#12 files that use PBMAC1 authentication that specifies an HMAC key of only one byte, allowing them to craft a file that will be accepted with a 1 in 256 probability. That would then cause the service to accept a certificate and private key controlled by the attacker.  The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 7.4,
              "exploitabilityScore": 2.3,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-34181",
            "epss": 0.00004,
            "percentile": 0.00206,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-34181",
            "cwe": "CWE-354",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-10",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.0029800000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-34181",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-34181",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/0300eb9ddce7a0895bf301a4b0c03a9da2313a0f",
            "https://github.com/openssl/openssl/commit/79eb76a937e474bb7610a0a3dc57131dc8dc6610",
            "https://github.com/openssl/openssl/commit/85dcbb3abaa4878af5c8fbbe11bce708fcf984a7",
            "https://github.com/openssl/openssl/commit/ec36f2417c4ddd8cabce4b4a60a3d7a7365f2d81",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue Summary: The PKCS#12 file processing fails to perform sufficient input\nvalidation for files that use Password-Based Message Authentication Code 1\n(PBMAC1) integrity mechanism allowing a certificate and private key forgery.\n\nImpact Summary: An attacker impersonating a user can cause a service reading\nPKCS#12 files to accept forged certificates and private keys with a 1 in 256\nprobability.\n\nIf a service accepting PKCS#12 files is using passwords for authenticating\nthe received files, the attacker can create unencrypted PKCS#12 files that\nuse PBMAC1 authentication that specifies an HMAC key of only one byte, allowing\nthem to craft a file that will be accepted with a 1 in 256 probability.\nThat would then cause the service to accept a certificate and private key\ncontrolled by the attacker.\n\nThe FIPS modules are not affected by this issue, as the affected code is\noutside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 7.4,
                "exploitabilityScore": 2.3,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-34181",
              "epss": 0.00004,
              "percentile": 0.00206,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-34181",
              "cwe": "CWE-354",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-34181",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42770",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42770",
        "namespace": "debian:distro:debian:13",
        "severity": "Low",
        "urls": [],
        "description": "Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership.  Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r (a small prime factor of the cofactor (p−1)/q_local), and a public value Y of order r can recover the victim's private key after a small number of key exchange attempts.  When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the subgroup membership check Y^q ≡ 1 (mod p) is performed using the peer's own q parameter, not the local key's q. The peer's domain parameters are then matched against the domain parameters of the private key, but the value of q is not compared.  A malicious peer who presents an X9.42 key carrying the victim's p, g, a forged q = r (a small prime factor of the cofactor), and a public value Y of order r passes all checks. The shared secret then takes only r distinct values, leaking priv mod r. Repeating for each small-prime factor of the cofactor and combining via CRT recovers the full private key (Lim–Lee / small-subgroup-confinement attack).  The realistic attack surface is narrow: principally CMP deployments with long-lived RA/CA DHX keys and bespoke enterprise or government applications using X9.42 DHX static keys with interactive protocols and therefore this issue was assigned Low severity.  The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are affected by this issue.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-42770",
            "epss": 0.00008,
            "percentile": 0.0086,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-42770",
            "cwe": "CWE-325",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "3.5.6-1~deb13u2"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "3.5.6-1~deb13u2",
              "date": "2026-06-09",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6335-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6335-1"
          }
        ],
        "risk": 0.00268
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42770",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-42770",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://github.com/openssl/openssl/commit/3da5a516cd2635a320ff748503db2cef7c4b0f02",
            "https://github.com/openssl/openssl/commit/3ddbb7ab50bd93dfc59cbe08e269a67605aeebdb",
            "https://github.com/openssl/openssl/commit/5f452bba2c681423d8fcffd120a19b757ee42e3c",
            "https://github.com/openssl/openssl/commit/7fbfde7677ed8808828bf00ff01c937ca04bdda2",
            "https://github.com/openssl/openssl/commit/ca2237ab5615641b662183b077f62c08d75e8070",
            "https://openssl-library.org/news/secadv/20260609.txt"
          ],
          "description": "Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42)\npeer key, the peer key is not properly checked for the subgroup membership.\n\nImpact summary: A malicious peer which presents an X9.42 key carrying the\nvictim's p and g parameters, a forged q = r (a small prime factor of the\ncofactor (p−1)/q_local), and a public value Y of order r can recover the\nvictim's private key after a small number of key exchange attempts.\n\nWhen EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the\nsubgroup membership check Y^q ≡ 1 (mod p) is performed using the peer's\nown q parameter, not the local key's q. The peer's domain parameters are\nthen matched against the domain parameters of the private key, but the value\nof q is not compared.\n\nA malicious peer who presents an X9.42 key carrying the victim's p, g,\na forged q = r (a small prime factor of the cofactor), and a public\nvalue Y of order r passes all checks. The shared secret then takes only\nr distinct values, leaking priv mod r. Repeating for each small-prime\nfactor of the cofactor and combining via CRT recovers the full private\nkey (Lim–Lee / small-subgroup-confinement attack).\n\nThe realistic attack surface is narrow: principally CMP deployments with\nlong-lived RA/CA DHX keys and bespoke enterprise or government applications\nusing X9.42 DHX static keys with interactive protocols and therefore this\nissue was assigned Low severity.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are affected by this\nissue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-42770",
              "epss": 0.00008,
              "percentile": 0.0086,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-42770",
              "cwe": "CWE-325",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.6-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42770",
            "versionConstraint": "< 3.5.6-1~deb13u2 (deb)"
          },
          "fix": {
            "suggestedVersion": "3.5.6-1~deb13u2"
          }
        }
      ],
      "artifact": {
        "id": "68d68fd82614058a",
        "name": "libssl3t64",
        "version": "3.5.6-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libssl3t64/copyright",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/usr/share/doc/libssl3t64/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "layerID": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
            "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0",
          "Artistic",
          "GPL-1",
          "GPL-1+"
        ],
        "cpes": [
          "cpe:2.3:a:libssl3t64:libssl3t64:3.5.6-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl",
        "upstreams": [
          {
            "name": "openssl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2013-4392",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2013-4392",
            "epss": 0.00037,
            "percentile": 0.11551,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0018500000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2013-4392",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357",
            "http://www.openwall.com/lists/oss-security/2013/10/01/9",
            "https://bugzilla.redhat.com/show_bug.cgi?id=859060"
          ],
          "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 3.4,
                "impactScore": 5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 1.4,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2013-4392",
              "epss": 0.00037,
              "percentile": 0.11551,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.13-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2013-4392",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4535fe0ddd8868bf",
        "name": "libsystemd0",
        "version": "257.13-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.13-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2013-4392",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2013-4392",
            "epss": 0.00037,
            "percentile": 0.11551,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0018500000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2013-4392",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357",
            "http://www.openwall.com/lists/oss-security/2013/10/01/9",
            "https://bugzilla.redhat.com/show_bug.cgi?id=859060"
          ],
          "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 3.4,
                "impactScore": 5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 1.4,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2013-4392",
              "epss": 0.00037,
              "percentile": 0.11551,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.13-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2013-4392",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f32141b2e65d8b82",
        "name": "systemd",
        "version": "257.13-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.13-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.13-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40228",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40228",
        "namespace": "debian:distro:debian:13",
        "severity": "Low",
        "urls": [],
        "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40228",
            "epss": 0.00005,
            "percentile": 0.00311,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40228",
            "cwe": "CWE-669",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0015749999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40228",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40228",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://www.openwall.com/lists/oss-security/2026/04/08/1",
            "http://www.openwall.com/lists/oss-security/2026/05/05/1"
          ],
          "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40228",
              "epss": 0.00005,
              "percentile": 0.00311,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40228",
              "cwe": "CWE-669",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.13-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40228",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4535fe0ddd8868bf",
        "name": "libsystemd0",
        "version": "257.13-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.13-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40228",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40228",
        "namespace": "debian:distro:debian:13",
        "severity": "Low",
        "urls": [],
        "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40228",
            "epss": 0.00005,
            "percentile": 0.00311,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40228",
            "cwe": "CWE-669",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0015749999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40228",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40228",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://www.openwall.com/lists/oss-security/2026/04/08/1",
            "http://www.openwall.com/lists/oss-security/2026/05/05/1"
          ],
          "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40228",
              "epss": 0.00005,
              "percentile": 0.00311,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40228",
              "cwe": "CWE-669",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.13-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40228",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f32141b2e65d8b82",
        "name": "systemd",
        "version": "257.13-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.13-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.13-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-10966",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-10966",
            "epss": 0.00031,
            "percentile": 0.09623,
            "date": "2026-06-14"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0015500000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-10966",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-10966.html",
            "https://curl.se/docs/CVE-2025-10966.json",
            "https://hackerone.com/reports/3355218",
            "http://www.openwall.com/lists/oss-security/2025/11/05/2",
            "https://cert-portal.siemens.com/productcert/html/ssa-253495.html",
            "https://github.com/curl/curl/commit/b011e3fcfb06d6c0278595ee2ee297036fbe9793"
          ],
          "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 2.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-10966",
              "epss": 0.00031,
              "percentile": 0.09623,
              "date": "2026-06-14"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-10966",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15079",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15079",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-15079",
            "epss": 0.0003,
            "percentile": 0.09126,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15079",
            "cwe": "CWE-297",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0014999999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15079",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-15079.html",
            "https://curl.se/docs/CVE-2025-15079.json",
            "https://hackerone.com/reports/3477116",
            "http://www.openwall.com/lists/oss-security/2026/01/07/6"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15079",
              "epss": 0.0003,
              "percentile": 0.09126,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15079",
              "cwe": "CWE-297",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15079",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-22185",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22185",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2026-22185",
            "epss": 0.00019,
            "percentile": 0.05503,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-22185",
            "cwe": "CWE-125",
            "source": "disclosure@vulncheck.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-22185",
            "cwe": "CWE-191",
            "source": "disclosure@vulncheck.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0009500000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-22185",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://bugs.openldap.org/show_bug.cgi?id=10421",
            "https://seclists.org/fulldisclosure/2026/Jan/5",
            "https://seclists.org/fulldisclosure/2026/Jan/8",
            "https://www.openldap.org/",
            "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline"
          ],
          "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.",
          "cvss": [
            {
              "source": "disclosure@vulncheck.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-22185",
              "epss": 0.00019,
              "percentile": 0.05503,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-22185",
              "cwe": "CWE-125",
              "source": "disclosure@vulncheck.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-22185",
              "cwe": "CWE-191",
              "source": "disclosure@vulncheck.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openldap",
              "version": "2.6.10+dfsg-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-22185",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "46230cf5226e2e82",
        "name": "libldap2",
        "version": "2.6.10+dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap2",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libldap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14017",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-14017",
            "epss": 0.00003,
            "percentile": 0.00077,
            "date": "2026-06-14"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14017",
            "cwe": "NVD-CWE-Other",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00015000000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14017",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14017.html",
            "https://curl.se/docs/CVE-2025-14017.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/3"
          ],
          "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 1.1,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14017",
              "epss": 0.00003,
              "percentile": 0.00077,
              "date": "2026-06-14"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14017",
              "cwe": "NVD-CWE-Other",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u3"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14017",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "ee3eddc79e0634ef",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u3",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u3?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    }
  ],
  "source": {
    "type": "image",
    "target": {
      "userInput": "ghcr.io/fluent/fluent-bit:5.0.6",
      "imageID": "sha256:1f0cd0b0eb0c392c89165a57255c5c7ff7d96db3dcb1ed3bc9303c94314e6afb",
      "manifestDigest": "sha256:f26cf3cb0e229914a5bc2d489d8cd494289bff956609ae8c77bb113efbc1fce9",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "tags": [
        "ghcr.io/fluent/fluent-bit:5.0.6",
        "fluent/fluent-bit:5.0.6"
      ],
      "imageSize": 117949518,
      "layers": [
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:92cb9c37b7d3957ac56645a979418f65e6c5bdba00eb99622affae5fc124ac07",
          "size": 273026
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:621c35e751a51a9a9dc3e80aa0b7fe8be2a93402ea6ccd307d30852cd7776cda",
          "size": 23235
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:c8b007d0206e4b10ed4d3b3d99dfeab47c2648e82011989fd78a5731baf33fc3",
          "size": 758258
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:bec7e6bb35e05d1284f28b10d2150c259717d91c658c4c10c08424bb9466caba",
          "size": 820316
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:275a30dd8ce958b21daa9ad962c6fbc09f98306ee2f486b65c9075dc257b1412",
          "size": 88832
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc",
          "size": 149
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:bd3cdfae1d3fdd83a2231d608969b38b82349777c2fff9a7c12d54f8ac5c9b38",
          "size": 64
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:4cde6b0bb6f50a5f255eef7b2a42162c661cf776b803225dcac9a659e396bb6b",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:ad51d0769d16ba578106a177987dfe3d2e02c1668c852b795b2f6b024068242a",
          "size": 497
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:187cfc6d1e3e8a40a5e64653bcd3239c140807dcf1c09e48021178705a5a6139",
          "size": 344
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:5fd2536c39c0700be8b7b4344e375196da2f126842fd8ede66996a18860a3890",
          "size": 243389
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:3a7299f559d987305122c7669fc3643095eb0955f8ff4a38c9430d54d0b4452e",
          "size": 13027492
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:f7480f886f20e8ffccbb5196da285d5842f19cc8c264dfed5b3d8121103f04a0",
          "size": 8000596
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:c0e409312adc366898967307565f692bb33d43a439d3de48e27d14b742389725",
          "size": 855198
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0",
          "size": 160500
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:1f5d28bd51650f429293f7730ede274b81dc0744aa918bc887133c4ad610258c",
          "size": 348649
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:6e18ad80f3d64a8cbbcd1ff2e8a0d5ce7282cf664e816b86183a59d30a618e8a",
          "size": 2643383
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:c16b2ec4b1493bad1b1de23d659c899e60abb166bda756d02792f0a03ba54a43",
          "size": 183637
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:7db505d90756626f425c6c5468eca565c82f589b144ecaa4f411ad9bbf79e614",
          "size": 106287
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:2e951ee82e8a586e7373e61ab3c740f4b74cfa95bb2c7ecdb1ba7091836cbb56",
          "size": 18011965
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:eab0698c7b19564cd12c60fa47afb927aebdf3a72a228f534050bc61a8d06652",
          "size": 225539
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:bac8da5073c772505c04c0e4e52c84be7ab9470f3d846c7edef579dd10f844cc",
          "size": 72178162
        }
      ],
      "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjo2ODEwLCJkaWdlc3QiOiJzaGEyNTY6MWYwY2QwYjBlYjBjMzkyYzg5MTY1YTU3MjU1YzVjN2ZmN2Q5NmRiM2RjYjFlZDNiYzkzMDNjOTQzMTRlNmFmYiJ9LCJsYXllcnMiOlt7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozMzc5MjAsImRpZ2VzdCI6InNoYTI1Njo5MmNiOWMzN2I3ZDM5NTdhYzU2NjQ1YTk3OTQxOGY2NWU2YzViZGJhMDBlYjk5NjIyYWZmYWU1ZmMxMjRhYzA3In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NDA5NjAsImRpZ2VzdCI6InNoYTI1Njo2MjFjMzVlNzUxYTUxYTlhOWRjM2U4MGFhMGI3ZmU4YmUyYTkzNDAyZWE2Y2NkMzA3ZDMwODUyY2Q3Nzc2Y2RhIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MTE2NzM2MCwiZGlnZXN0Ijoic2hhMjU2OmM4YjAwN2QwMjA2ZTRiMTBlZDRkM2IzZDk5ZGZlYWI0N2MyNjQ4ZTgyMDExOTg5ZmQ3OGE1NzMxYmFmMzNmYzMifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxMzMxMjAwLCJkaWdlc3QiOiJzaGEyNTY6YmVjN2U2YmIzNWUwNWQxMjg0ZjI4YjEwZDIxNTBjMjU5NzE3ZDkxYzY1OGM0YzEwYzA4NDI0YmI5NDY2Y2FiYSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjEwMjQwMCwiZGlnZXN0Ijoic2hhMjU2OjI3NWEzMGRkOGNlOTU4YjIxZGFhOWFkOTYyYzZmYmMwOWY5ODMwNmVlMmY0ODZiNjVjOTA3NWRjMjU3YjE0MTIifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxNTM2LCJkaWdlc3QiOiJzaGEyNTY6NGQwNDlmODNkOWNmMjFkMWY1Y2MwZTExZGVhZjM2ZGYwMjc5MGQwZTYwYzFhMzgyOTUzOGZiNGI2MTY4NTM2OCJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjI1NjAsImRpZ2VzdCI6InNoYTI1NjphZjVhYTk3ZWJlNmNlMTYwNDc0N2VjMWUyMWFmNzEzNmRlZDM5MWJjYWJlNGFjZWY4ODJlNzE4YTg3Yzg2YmNjIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjU2MCwiZGlnZXN0I
joic2hhMjU2OjZmMWNkY2ViNmEzMTQ2ZjBjY2I5ODY1MjExNTZiZWY4YTQyMmNkYmIwODYzMzk2ZjdmNzUxZjU3NWJhMzA4ZjQifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyNTYwLCJkaWdlc3QiOiJzaGEyNTY6YmQzY2RmYWUxZDNmZGQ4M2EyMjMxZDYwODk2OWIzOGI4MjM0OTc3N2MyZmZmOWE3YzEyZDU0ZjhhYzVjOWIzOCJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjE1MzYsImRpZ2VzdCI6InNoYTI1Njo0Y2RlNmIwYmI2ZjUwYTVmMjU1ZWVmN2IyYTQyMTYyYzY2MWNmNzc2YjgwMzIyNWRjYWM5YTY1OWUzOTZiYjZiIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjA0OCwiZGlnZXN0Ijoic2hhMjU2OmFkNTFkMDc2OWQxNmJhNTc4MTA2YTE3Nzk4N2RmZTNkMmUwMmMxNjY4Yzg1MmI3OTViMmY2YjAyNDA2ODI0MmEifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozMDcyLCJkaWdlc3QiOiJzaGEyNTY6MTg3Y2ZjNmQxZTNlOGE0MGE1ZTY0NjUzYmNkMzIzOWMxNDA4MDdkY2YxYzA5ZTQ4MDIxMTc4NzA1YTVhNjEzOSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjI0OTM0NCwiZGlnZXN0Ijoic2hhMjU2OjVmZDI1MzZjMzljMDcwMGJlOGI3YjQzNDRlMzc1MTk2ZGEyZjEyNjg0MmZkOGVkZTY2OTk2YTE4ODYwYTM4OTAifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxMzI5MTUyMCwiZGlnZXN0Ijoic2hhMjU2OjNhNzI5OWY1NTlkOTg3MzA1MTIyYzc2NjlmYzM2NDMwOTVlYjA5NTVmOGZmNGEzOGM5NDMwZDU0ZDBiNDQ1MmUifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjo4MDE3OTIwLCJkaWdlc3QiOiJzaGEyNTY6Zjc0ODBmODg2ZjIwZThmZmNjYmI1MTk2ZGEyODVkNTg0MmYxOWNjOGMyNjRkZmVkNWIzZDgxMjExMDNmMDRhMCJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjg3MDQwMCwiZGlnZXN0Ijoic2hhMjU2OmMwZTQwOTMxMmFkYzM2Njg5ODk2NzMwNzU2NWY2OTJiYjMzZDQzYTQzOWQzZGU0OGUyN2QxNGI3NDIzODk3MjUifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxNzQwODAsImRpZ2VzdCI6InNoYTI1NjplNGJhOTY2ZDdmMDUyN2RmZTBmY2I1NTllNGUxO
GQ0ZGE0MmM0ZTZiZWFlOTI0NzE5MjU1ZTBkZWRiNTU0ZWQwIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MzU4NDAwLCJkaWdlc3QiOiJzaGEyNTY6MWY1ZDI4YmQ1MTY1MGY0MjkyOTNmNzczMGVkZTI3NGI4MWRjMDc0NGFhOTE4YmM4ODcxMzNjNGFkNjEwMjU4YyJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjI2NjI0MDAsImRpZ2VzdCI6InNoYTI1Njo2ZTE4YWQ4MGYzZDY0YThjYmJjZDFmZjJlOGEwZDVjZTcyODJjZjY2NGU4MTZiODYxODNhNTlkMzBhNjE4ZThhIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MTk0NTYwLCJkaWdlc3QiOiJzaGEyNTY6YzE2YjJlYzRiMTQ5M2JhZDFiMWRlMjNkNjU5Yzg5OWU2MGFiYjE2NmJkYTc1NmQwMjc5MmYwYTAzYmE1NGE0MyJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjEyMjg4MCwiZGlnZXN0Ijoic2hhMjU2OjdkYjUwNWQ5MDc1NjYyNmY0MjVjNmM1NDY4ZWNhNTY1YzgyZjU4OWIxNDRlY2FhNGY0MTFhZDliYmY3OWU2MTQifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxODI5ODM2OCwiZGlnZXN0Ijoic2hhMjU2OjJlOTUxZWU4MmU4YTU4NmU3MzczZTYxYWIzYzc0MGY0Yjc0Y2ZhOTViYjJjN2VjZGIxYmE3MDkxODM2Y2JiNTYifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozODYwNDgsImRpZ2VzdCI6InNoYTI1NjplYWIwNjk4YzdiMTk1NjRjZDEyYzYwZmE0N2FmYjkyN2FlYmRmM2E3MmEyMjhmNTM0MDUwYmM2MWE4ZDA2NjUyIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NzIxODg5MjgsImRpZ2VzdCI6InNoYTI1NjpiYWM4ZGE1MDczYzc3MjUwNWMwNGMwZTRlNTJjODRiZTdhYjk0NzBmM2Q4NDZjN2VkZWY1NzlkZDEwZjg0NGNjIn1dfQ==",
      "config": "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",
      "repoDigests": [
        "fluent/fluent-bit@sha256:1abcf78fe8c9dee0c57fc2199693370a5a1f84e0af4716beddcd153b40cbbbb1",
        "ghcr.io/fluent/fluent-bit@sha256:1abcf78fe8c9dee0c57fc2199693370a5a1f84e0af4716beddcd153b40cbbbb1"
      ],
      "architecture": "amd64",
      "os": "linux",
      "labels": {
        "author": "Eduardo Silva <eduardo.silva@chronosphere.io>",
        "description": "Fluent Bit multi-architecture container image",
        "org.opencontainers.image.authors": "Eduardo Silva <eduardo.silva@chronosphere.io>",
        "org.opencontainers.image.description": "Fluent Bit container image",
        "org.opencontainers.image.documentation": "https://docs.fluentbit.io/",
        "org.opencontainers.image.licenses": "Apache-2.0",
        "org.opencontainers.image.source": "https://github.com/fluent/fluent-bit",
        "org.opencontainers.image.title": "Fluent Bit",
        "org.opencontainers.image.vendor": "Fluent Organization",
        "org.opencontainers.image.version": "5.0.6",
        "vendor": "Fluent Organization",
        "version": "5.0.6"
      }
    }
  },
  "distro": {
    "name": "debian",
    "version": "13",
    "idLike": []
  },
  "descriptor": {
    "name": "grype",
    "version": "0.114.0",
    "configuration": {
      "output": [
        "json"
      ],
      "file": "agent/security/oss/grype-5.0.6.json",
      "pretty": true,
      "distro": "",
      "add-cpes-if-none": false,
      "output-template-file": "",
      "check-for-app-update": true,
      "only-fixed": false,
      "only-notfixed": false,
      "ignore-wontfix": "",
      "platform": "",
      "search": {
        "scope": "squashed",
        "unindexed-archives": false,
        "indexed-archives": true
      },
      "ignore": [
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "kernel-headers",
            "version": "",
            "language": "",
            "type": "rpm",
            "location": "",
            "upstream-name": "kernel"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        },
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "linux(-.*)?-headers-.*",
            "version": "",
            "language": "",
            "type": "deb",
            "location": "",
            "upstream-name": "linux.*"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        },
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "linux-libc-dev",
            "version": "",
            "language": "",
            "type": "deb",
            "location": "",
            "upstream-name": "linux"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        }
      ],
      "exclude": [],
      "externalSources": {
        "enable": false,
        "maven": {
          "searchUpstreamBySha1": true,
          "baseUrl": "https://search.maven.org/solrsearch/select",
          "rateLimit": 300000000
        }
      },
      "match": {
        "java": {
          "using-cpes": false
        },
        "jvm": {
          "using-cpes": true
        },
        "dotnet": {
          "using-cpes": false
        },
        "golang": {
          "using-cpes": false,
          "always-use-cpe-for-stdlib": true,
          "allow-main-module-pseudo-version-comparison": false
        },
        "javascript": {
          "using-cpes": false
        },
        "python": {
          "using-cpes": false
        },
        "ruby": {
          "using-cpes": false
        },
        "rust": {
          "using-cpes": false
        },
        "hex": {
          "using-cpes": false
        },
        "stock": {
          "using-cpes": true
        },
        "dpkg": {
          "using-cpes": false,
          "missing-epoch-strategy": "zero",
          "use-cpes-for-eol": false
        },
        "rpm": {
          "using-cpes": false,
          "missing-epoch-strategy": "auto",
          "use-cpes-for-eol": false
        }
      },
      "fail-on-severity": "",
      "registry": {
        "insecure-skip-tls-verify": false,
        "insecure-use-http": false,
        "ca-cert": ""
      },
      "show-suppressed": false,
      "by-cve": false,
      "SortBy": {
        "sort-by": "risk"
      },
      "name": "",
      "default-image-pull-source": "",
      "from": null,
      "vex-documents": [],
      "vex-add": [],
      "match-upstream-kernel-headers": false,
      "fix-channel": {
        "redhat-eus": {
          "apply": "auto",
          "versions": ">= 8.0"
        }
      },
      "timestamp": false,
      "alerts": {
        "enable-eol-distro-warnings": true
      },
      "db": {
        "cache-dir": ".cache/grype/db",
        "update-url": "https://grype.anchore.io/databases",
        "ca-cert": "",
        "auto-update": true,
        "validate-by-hash-on-start": true,
        "validate-age": true,
        "max-allowed-built-age": 432000000000000,
        "require-update-check": false,
        "update-available-timeout": 30000000000,
        "update-download-timeout": 300000000000,
        "max-update-check-frequency": 7200000000000
      },
      "exp": {},
      "dev": {
        "db": {
          "debug": false
        }
      }
    },
    "db": {
      "status": {
        "schemaVersion": "v6.1.7",
        "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.7_2026-06-15T01:00:00Z_1781511613.tar.zst?checksum=sha256%3A2de47d3561a1ba08d7f9d707458b2a06014c3e630da049c10330590d3b4dda77",
        "built": "2026-06-15T08:20:13Z",
        "path": ".cache/grype/db/6/vulnerability.db",
        "valid": true
      },
      "providers": {
        "alma": {
          "captured": "2026-06-15T01:00:29Z",
          "input": "xxh64:c2524d4906543abf"
        },
        "alpine": {
          "captured": "2026-06-15T01:00:27Z",
          "input": "xxh64:05c185d4936f63a6"
        },
        "amazon": {
          "captured": "2026-06-15T01:00:46Z",
          "input": "xxh64:f8a1f3a0bf2e9cdb"
        },
        "arch": {
          "captured": "2026-06-15T01:00:45Z",
          "input": "xxh64:f82bf430bbdda578"
        },
        "bitnami": {
          "captured": "2026-06-15T01:00:56Z",
          "input": "xxh64:0e37f57810486e7e"
        },
        "chainguard": {
          "captured": "2026-06-15T01:00:01Z",
          "input": "xxh64:8f52022faa11a289"
        },
        "chainguard-libraries": {
          "captured": "2026-06-15T01:00:50Z",
          "input": "xxh64:0f0544792dfb607c"
        },
        "debian": {
          "captured": "2026-06-15T01:00:17Z",
          "input": "xxh64:45fd22104f1994e0"
        },
        "echo": {
          "captured": "2026-06-15T01:00:20Z",
          "input": "xxh64:0f60b6229e015620"
        },
        "eol": {
          "captured": "2026-06-15T01:00:40Z",
          "input": "xxh64:663143e24cc9ed3a"
        },
        "epss": {
          "captured": "2026-06-15T01:00:01Z",
          "input": "xxh64:f08bed6533e31d9f"
        },
        "fedora": {
          "captured": "2026-06-15T01:00:02Z",
          "input": "xxh64:50083eee375d268b"
        },
        "github": {
          "captured": "2026-06-15T01:00:34Z",
          "input": "xxh64:d8e43df6472e9775"
        },
        "govulndb": {
          "captured": "2026-06-15T01:00:54Z",
          "input": "xxh64:ed18880d09559852"
        },
        "hummingbird": {
          "captured": "2026-06-15T01:00:08Z",
          "input": "xxh64:c79535ce487e19bc"
        },
        "kev": {
          "captured": "2026-06-15T01:00:00Z",
          "input": "xxh64:fcc50a2a4efe3f4e"
        },
        "mariner": {
          "captured": "2026-06-15T01:01:14Z",
          "input": "xxh64:ebb284c9e091150a"
        },
        "minimos": {
          "captured": "2026-06-15T01:00:04Z",
          "input": "xxh64:53f1a1a6bd2810b4"
        },
        "nvd": {
          "captured": "2026-06-15T01:01:03Z",
          "input": "xxh64:ae15d44c599ed923"
        },
        "oracle": {
          "captured": "2026-06-15T01:00:34Z",
          "input": "xxh64:9d71d19cd9e0d242"
        },
        "photon": {
          "captured": "2026-06-15T01:00:38Z",
          "input": "xxh64:fb733180b311ecdb"
        },
        "rhel": {
          "captured": "2026-06-15T01:01:36Z",
          "input": "xxh64:4ddbad23d345547b"
        },
        "secureos": {
          "captured": "2026-06-15T01:00:26Z",
          "input": "xxh64:571da7a303df37fa"
        },
        "sles": {
          "captured": "2026-06-15T01:00:41Z",
          "input": "xxh64:c7f6233360752622"
        },
        "ubuntu": {
          "captured": "2026-06-15T01:04:04Z",
          "input": "xxh64:0b342df590e09a71"
        },
        "wolfi": {
          "captured": "2026-06-15T01:00:36Z",
          "input": "xxh64:3cc2ddb98db9d3ca"
        }
      }
    }
  }
}
