LAYER: meta PACKAGE NAME: libbsd-native PACKAGE VERSION: 0.12.1 CVE: CVE-2016-2090 CVE STATUS: Patched CVE SUMMARY: Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2090 LAYER: meta PACKAGE NAME: libbsd-native PACKAGE VERSION: 0.12.1 CVE: CVE-2019-20367 CVE STATUS: Patched CVE SUMMARY: nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20367