LAYER: meta
PACKAGE NAME: libbsd-native
PACKAGE VERSION: 0.12.1
CVE: CVE-2016-2090
CVE STATUS: Patched
CVE SUMMARY: Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2090

LAYER: meta
PACKAGE NAME: libbsd-native
PACKAGE VERSION: 0.12.1
CVE: CVE-2019-20367
CVE STATUS: Patched
CVE SUMMARY: nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20367