Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-6cpp-45v5-cpgv/GHSA-6cpp-45v5-cpgv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6cpp-45v5-cpgv",
-  "modified": "2022-05-24T19:15:37Z",
+  "modified": "2025-10-30T21:30:34Z",
   "published": "2022-05-24T19:15:37Z",
   "aliases": [
     "CVE-2021-34770"
   ],
   "details": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,6 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-122",
       "CWE-787"
     ],
     "severity": "HIGH",

advisories/unreviewed/2022/05/GHSA-xwvm-8x4q-gmr9/GHSA-xwvm-8x4q-gmr9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xwvm-8x4q-gmr9",
-  "modified": "2022-05-24T19:15:37Z",
+  "modified": "2025-10-30T21:30:34Z",
   "published": "2022-05-24T19:15:37Z",
   "aliases": [
     "CVE-2021-34767"
   ],
   "details": "A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound through the wired interface of an affected device. A successful exploit could allow the attacker to cause traffic drops in the affected VLAN, thus triggering the DoS condition.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/05/GHSA-xxj5-mhw2-jgp8/GHSA-xxj5-mhw2-jgp8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xxj5-mhw2-jgp8",
-  "modified": "2022-05-24T19:15:38Z",
+  "modified": "2025-10-30T21:30:33Z",
   "published": "2022-05-24T19:15:38Z",
   "aliases": [
     "CVE-2021-34705"
   ],
   "details": "A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-232"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/03/GHSA-pjpx-9xrf-qmh6/GHSA-pjpx-9xrf-qmh6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pjpx-9xrf-qmh6",
-  "modified": "2025-03-13T15:32:54Z",
+  "modified": "2025-10-30T21:30:40Z",
   "published": "2025-03-06T18:31:10Z",
   "aliases": [
     "CVE-2024-58072"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-06T16:15:53Z"

advisories/unreviewed/2025/03/GHSA-v333-5589-2mh9/GHSA-v333-5589-2mh9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v333-5589-2mh9",
-  "modified": "2025-03-06T18:31:10Z",
+  "modified": "2025-10-30T21:30:40Z",
   "published": "2025-03-06T18:31:10Z",
   "aliases": [
     "CVE-2025-21825"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab->extra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n  BUG: scheduling while atomic: test_progs/676/0x00000003\n  3 locks held by test_progs/676:\n  #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n  #1: ffff88810e961188 (&htab->lockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n  #2: ffff8881f4eac1b8 (&base->softirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n  Modules linked in: bpf_testmod(O)\n  Preemption disabled at:\n  [<ffffffff817837a3>] htab_map_update_elem+0x293/0x1500\n  CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n  Tainted: [W]=WARN, [O]=OOT_MODULE\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n  Call Trace:\n  <TASK>\n  dump_stack_lvl+0x57/0x70\n  dump_stack+0x10/0x20\n  __schedule_bug+0x120/0x170\n  __schedule+0x300c/0x4800\n  schedule_rtlock+0x37/0x60\n  rtlock_slowlock_locked+0x6d9/0x54c0\n  rt_spin_lock+0x168/0x230\n  hrtimer_cancel_wait_running+0xe9/0x1b0\n  hrtimer_cancel+0x24/0x30\n  bpf_timer_delete_work+0x1d/0x40\n  bpf_timer_cancel_and_free+0x5e/0x80\n  bpf_obj_free_fields+0x262/0x4a0\n  check_and_free_fields+0x1d0/0x280\n  htab_map_update_elem+0x7fc/0x1500\n  bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n  bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n  bpf_prog_test_run_syscall+0x322/0x830\n  __sys_bpf+0x135d/0x3ca0\n  __x64_sys_bpf+0x75/0xb0\n  x64_sys_call+0x1b5/0xa10\n  do_syscall_64+0x3b/0xc0\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  ...\n  </TASK>\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n   cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-415"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-06T16:15:54Z"

advisories/unreviewed/2025/04/GHSA-5jw6-g45h-9h97/GHSA-5jw6-g45h-9h97.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5jw6-g45h-9h97",
-  "modified": "2025-04-01T18:30:52Z",
+  "modified": "2025-10-30T21:30:40Z",
   "published": "2025-04-01T18:30:52Z",
   "aliases": [
     "CVE-2025-21939"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/hmm: Don't dereference struct page pointers without notifier lock\n\nThe pnfs that we obtain from hmm_range_fault() point to pages that\nwe don't have a reference on, and the guarantee that they are still\nin the cpu page-tables is that the notifier lock must be held and the\nnotifier seqno is still valid.\n\nSo while building the sg table and marking the pages accesses / dirty\nwe need to hold this lock with a validated seqno.\n\nHowever, the lock is reclaim tainted which makes\nsg_alloc_table_from_pages_segment() unusable, since it internally\nallocates memory.\n\nInstead build the sg-table manually. For the non-iommu case\nthis might lead to fewer coalesces, but if that's a problem it can\nbe fixed up later in the resource cursor code. For the iommu case,\nthe whole sg-table may still be coalesced to a single contigous\ndevice va region.\n\nThis avoids marking pages that we don't own dirty and accessed, and\nit also avoid dereferencing struct pages that we don't own.\n\nv2:\n- Use assert to check whether hmm pfns are valid (Matthew Auld)\n- Take into account that large pages may cross range boundaries\n  (Matthew Auld)\n\nv3:\n- Don't unnecessarily check for a non-freed sg-table. (Matthew Auld)\n- Add a missing up_read() in an error path. (Matthew Auld)\n\n(cherry picked from commit ea3e66d280ce2576664a862693d1da8fd324c317)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-04-01T16:15:24Z"

advisories/unreviewed/2025/04/GHSA-64vr-rmgj-v53q/GHSA-64vr-rmgj-v53q.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-64vr-rmgj-v53q",
-  "modified": "2025-04-01T18:30:52Z",
+  "modified": "2025-10-30T21:30:40Z",
   "published": "2025-04-01T18:30:52Z",
   "aliases": [
     "CVE-2025-21938"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr\n\nIf multiple connection requests attempt to create an implicit mptcp\nendpoint in parallel, more than one caller may end up in\nmptcp_pm_nl_append_new_local_addr because none found the address in\nlocal_addr_list during their call to mptcp_pm_nl_get_local_id.  In this\ncase, the concurrent new_local_addr calls may delete the address entry\ncreated by the previous caller.  These deletes use synchronize_rcu, but\nthis is not permitted in some of the contexts where this function may be\ncalled.  During packet recv, the caller may be in a rcu read critical\nsection and have preemption disabled.\n\nAn example stack:\n\n   BUG: scheduling while atomic: swapper/2/0/0x00000302\n\n   Call Trace:\n   <IRQ>\n   dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\n   dump_stack (lib/dump_stack.c:124)\n   __schedule_bug (kernel/sched/core.c:5943)\n   schedule_debug.constprop.0 (arch/x86/include/asm/preempt.h:33 kernel/sched/core.c:5970)\n   __schedule (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 kernel/sched/features.h:29 kernel/sched/core.c:6621)\n   schedule (arch/x86/include/asm/preempt.h:84 kernel/sched/core.c:6804 kernel/sched/core.c:6818)\n   schedule_timeout (kernel/time/timer.c:2160)\n   wait_for_completion (kernel/sched/completion.c:96 kernel/sched/completion.c:116 kernel/sched/completion.c:127 kernel/sched/completion.c:148)\n   __wait_rcu_gp (include/linux/rcupdate.h:311 kernel/rcu/update.c:444)\n   synchronize_rcu (kernel/rcu/tree.c:3609)\n   mptcp_pm_nl_append_new_local_addr (net/mptcp/pm_netlink.c:966 net/mptcp/pm_netlink.c:1061)\n   mptcp_pm_nl_get_local_id (net/mptcp/pm_netlink.c:1164)\n   mptcp_pm_get_local_id (net/mptcp/pm.c:420)\n   subflow_check_req (net/mptcp/subflow.c:98 net/mptcp/subflow.c:213)\n   subflow_v4_route_req (net/mptcp/subflow.c:305)\n   tcp_conn_request (net/ipv4/tcp_input.c:7216)\n   subflow_v4_conn_request (net/mptcp/subflow.c:651)\n   tcp_rcv_state_process (net/ipv4/tcp_input.c:6709)\n   tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1934)\n   tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2334)\n   ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205 (discriminator 1))\n   ip_local_deliver_finish (include/linux/rcupdate.h:813 net/ipv4/ip_input.c:234)\n   ip_local_deliver (include/linux/netfilter.h:314 include/linux/netfilter.h:308 net/ipv4/ip_input.c:254)\n   ip_sublist_rcv_finish (include/net/dst.h:461 net/ipv4/ip_input.c:580)\n   ip_sublist_rcv (net/ipv4/ip_input.c:640)\n   ip_list_rcv (net/ipv4/ip_input.c:675)\n   __netif_receive_skb_list_core (net/core/dev.c:5583 net/core/dev.c:5631)\n   netif_receive_skb_list_internal (net/core/dev.c:5685 net/core/dev.c:5774)\n   napi_complete_done (include/linux/list.h:37 include/net/gro.h:449 include/net/gro.h:444 net/core/dev.c:6114)\n   igb_poll (drivers/net/ethernet/intel/igb/igb_main.c:8244) igb\n   __napi_poll (net/core/dev.c:6582)\n   net_rx_action (net/core/dev.c:6653 net/core/dev.c:6787)\n   handle_softirqs (kernel/softirq.c:553)\n   __irq_exit_rcu (kernel/softirq.c:588 kernel/softirq.c:427 kernel/softirq.c:636)\n   irq_exit_rcu (kernel/softirq.c:651)\n   common_interrupt (arch/x86/kernel/irq.c:247 (discriminator 14))\n   </IRQ>\n\nThis problem seems particularly prevalent if the user advertises an\nendpoint that has a different external vs internal address.  In the case\nwhere the external address is advertised and multiple connections\nalready exist, multiple subflow SYNs arrive in parallel which tends to\ntrigger the race during creation of the first local_addr_list entries\nwhich have the internal address instead.\n\nFix by skipping the replacement of an existing implicit local address if\ncalled via mptcp_pm_nl_get_local_id.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-362"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-04-01T16:15:24Z"

advisories/unreviewed/2025/04/GHSA-6hmr-pwgj-w283/GHSA-6hmr-pwgj-w283.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6hmr-pwgj-w283",
-  "modified": "2025-04-01T18:30:55Z",
+  "modified": "2025-10-30T21:30:41Z",
   "published": "2025-04-01T18:30:55Z",
   "aliases": [
     "CVE-2025-21985"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix out-of-bound accesses\n\n[WHAT & HOW]\nhpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4),\nbut location can have size up to 6. As a result, it is necessary to\ncheck location against MAX_HPO_DP2_ENCODERS.\n\nSimiliarly, disp_cfg_stream_location can be used as an array index which\nshould be 0..5, so the ASSERT's conditions should be less without equal.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-04-01T16:15:29Z"

advisories/unreviewed/2025/04/GHSA-7qmx-chg2-w65c/GHSA-7qmx-chg2-w65c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7qmx-chg2-w65c",
-  "modified": "2025-04-01T18:30:53Z",
+  "modified": "2025-10-30T21:30:40Z",
   "published": "2025-04-01T18:30:53Z",
   "aliases": [
     "CVE-2025-21946"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out-of-bounds in parse_sec_desc()\n\nIf osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd\nstruct size. If it is smaller, It could cause slab-out-of-bounds.\nAnd when validating sid, It need to check it included subauth array size.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-04-01T16:15:25Z"

advisories/unreviewed/2025/04/GHSA-7wv2-745f-m4cr/GHSA-7wv2-745f-m4cr.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7wv2-745f-m4cr",
-  "modified": "2025-04-10T15:31:45Z",
+  "modified": "2025-10-30T21:30:41Z",
   "published": "2025-04-01T18:30:54Z",
   "aliases": [
     "CVE-2025-21975"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: handle errors in mlx5_chains_create_table()\n\nIn mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns()\nand mlx5_get_flow_namespace() must be checked to prevent NULL pointer\ndereferences. If either function fails, the function should log error\nmessage with mlx5_core_warn() and return error pointer.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-04-01T16:15:28Z"