There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
{"ubuntucve": [{"lastseen": "2021-11-22T21:35:16", "description": "There is a reachable assertion abort in the function dict_rename_var() in\ndata/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will\nlead to remote denial of service.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[ratliff](<https://launchpad.net/~ratliff>) | POC dumps core on xenial and zesty\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-18T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12960", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12960"], "modified": "2017-08-18T00:00:00", "id": "UB:CVE-2017-12960", "href": "https://ubuntu.com/security/CVE-2017-12960", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:06:33", "description": "There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-18T21:29:00", "type": "cve", "title": "CVE-2017-12960", "cwe": ["CWE-617"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12960"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:gnu:pspp:0.11.0"], "id": "CVE-2017-12960", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12960", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:pspp:0.11.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2022-06-16T16:30:37", "description": "This update for pspp fixes the following issues :\n\n - CVE-2017-12958: Illegal address access in function output_hex() could lead to denial of service or unexpected state (boo#1054585) \n\n - CVE-2017-12959: Assertion in function dict_add_mrset() could lead to denial of service (boo#1054588)\n\n - CVE-2017-12960: Assertion in function dict_rename_var() could lead to denial of service (boo#1054587)\n\n - CVE-2017-12961: Assertion in function parse_attributes() could lead to denial of service (boo#1054586)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-09-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pspp (openSUSE-2017-996)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10791", "CVE-2017-10792", "CVE-2017-12958", "CVE-2017-12959", "CVE-2017-12960", "CVE-2017-12961"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:pspp", "p-cpe:/a:novell:opensuse:pspp-debuginfo", "p-cpe:/a:novell:opensuse:pspp-debugsource", "p-cpe:/a:novell:opensuse:pspp-devel", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-996.NASL", "href": "https://www.tenable.com/plugins/nessus/102949", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-996.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102949);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10791\", \"CVE-2017-10792\", \"CVE-2017-12958\", \"CVE-2017-12959\", \"CVE-2017-12960\", \"CVE-2017-12961\");\n\n script_name(english:\"openSUSE Security Update : pspp (openSUSE-2017-996)\");\n script_summary(english:\"Check for the openSUSE-2017-996 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for pspp fixes the following issues :\n\n - CVE-2017-12958: Illegal address access in function\n output_hex() could lead to denial of service or\n unexpected state (boo#1054585) \n\n - CVE-2017-12959: Assertion in function dict_add_mrset()\n could lead to denial of service (boo#1054588)\n\n - CVE-2017-12960: Assertion in function dict_rename_var()\n could lead to denial of service (boo#1054587)\n\n - CVE-2017-12961: Assertion in function parse_attributes()\n could lead to denial of service (boo#1054586)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054588\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pspp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pspp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pspp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pspp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pspp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"pspp-1.0.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"pspp-debuginfo-1.0.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"pspp-debugsource-1.0.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"pspp-devel-1.0.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pspp-1.0.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pspp-debuginfo-1.0.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pspp-debugsource-1.0.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"pspp-devel-1.0.1-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pspp / pspp-debuginfo / pspp-debugsource / pspp-devel\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:30:16", "description": "CVE Details reports :\n\n- There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10791).\n\n- There is a NULL pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792).\n\n- There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12958).\n\n- There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack (CVE-2017-12959).\n\n- There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12960).\n\n- There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12961).", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-23T00:00:00", "type": "nessus", "title": "FreeBSD : pspp -- multiple vulnerabilities (6876b163-8708-11e7-8568-e8e0b747a45a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10791", "CVE-2017-10792", "CVE-2017-12958", "CVE-2017-12959", "CVE-2017-12960", "CVE-2017-12961"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:pspp", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_6876B163870811E78568E8E0B747A45A.NASL", "href": "https://www.tenable.com/plugins/nessus/102690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102690);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-10791\", \"CVE-2017-10792\", \"CVE-2017-12958\", \"CVE-2017-12959\", \"CVE-2017-12960\", \"CVE-2017-12961\");\n\n script_name(english:\"FreeBSD : pspp -- multiple vulnerabilities (6876b163-8708-11e7-8568-e8e0b747a45a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE Details reports :\n\n- There is an Integer overflow in the hash_int function of the libpspp\nlibrary in GNU PSPP 0.10.5-pre2 (CVE-2017-10791).\n\n- There is a NULL pointer Dereference in the function ll_insert() of\nthe libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792).\n\n- There is an illegal address access in the function output_hex() in\ndata/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will\nlead to remote denial of service (CVE-2017-12958).\n\n- There is a reachable assertion abort in the function\ndict_add_mrset() in data/dictionary.c of the libpspp library in GNU\nPSPP 0.11.0 that will lead to a remote denial of service attack\n(CVE-2017-12959).\n\n- There is a reachable assertion abort in the function\ndict_rename_var() in data/dictionary.c of the libpspp library in GNU\nPSPP 0.11.0 that will lead to remote denial of service\n(CVE-2017-12960).\n\n- There is an assertion abort in the function parse_attributes() in\ndata/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that\nwill lead to remote denial of service (CVE-2017-12961).\"\n );\n # https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ba60392\"\n );\n # https://vuxml.freebsd.org/freebsd/6876b163-8708-11e7-8568-e8e0b747a45a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5b07466\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pspp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"pspp<1.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nCVE Details reports:\n\n\nThere is an Integer overflow in the hash_int function of the libpspp library\n\t in GNU PSPP 0.10.5-pre2 (CVE-2017-10791).\nThere is a NULL Pointer Dereference in the function ll_insert() of the libpspp\n\t library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792).\nThere is an illegal address access in the function output_hex() in data/data-out.c\n\t of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12958).\nThere is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c\n\t of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack (CVE-2017-12959).\nThere is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c\n\t of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12960).\nThere is an assertion abort in the function parse_attributes() in data/sys-file-reader.c\n\t of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12961).\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-18T00:00:00", "type": "freebsd", "title": "pspp -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10791", "CVE-2017-10792", "CVE-2017-12958", "CVE-2017-12959", "CVE-2017-12960", "CVE-2017-12961"], "modified": "2017-08-30T00:00:00", "id": "6876B163-8708-11E7-8568-E8E0B747A45A", "href": "https://vuxml.freebsd.org/freebsd/6876b163-8708-11e7-8568-e8e0b747a45a.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
CVE-2017-12960
