[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2009-4020":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":70,"downstream":71,"duplicates":80,"related":81,"reserved_at":9,"published_at":82,"modified_at":83,"state":84,"summary":85,"references_raw":94,"kevs":169,"epss":170,"epss_history":173,"metrics":422,"affected":427},"CVE-2009-4020","Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[],[],[72,74,76,78],{"_key":73},"RHSA-2010:0046",{"_key":75},"RHSA-2010:0076",{"_key":77},"DSA-2003-1",{"_key":79},"DSA-2005-1",[],[],"2009-12-04T21:00:00.000Z","2024-08-07T06:45:50.888Z","Modified",{"cisa_kev":86,"cisa_ransomware":86,"cisa_vendor":9,"epss_severity":87,"epss_score":88,"severity":89,"severity_score":90,"severity_version":91,"severity_source":92,"severity_vector":93,"severity_status":84},false,"low",0.03814,"high",7.8,"v2.0","nvd","AV:N/AC:L/Au:N/C:N/I:N/A:C",[95,102,108,115,120,124,128,132,137,143,147,152,156,160,164],{"url":96,"sources":97,"tags":99},"http://marc.info/?l=linux-mm-commits&m=125987755823047&w=2",[98,92],"cve.org",[100,101],"Mailing List","X Refsource MLIST",{"url":103,"sources":104,"tags":105},"http://secunia.com/advisories/38276",[98,92],[106,107],"Third Party Advisory","X Refsource SECUNIA",{"url":109,"sources":110,"tags":111},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10091",[98,92],[112,113,114],"VDB Entry","Signature","X Refsource OVAL",{"url":116,"sources":117,"tags":118},"http://support.avaya.com/css/P8/documents/100073666",[98,92],[119],"X Refsource CONFIRM",{"url":121,"sources":122,"tags":123},"http://www.openwall.com/lists/oss-security/2009/12/04/1",[98,92],[100,101],{"url":125,"sources":126,"tags":127},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6750",[98,92],[112,113,114],{"url":129,"sources":130,"tags":131},"https://bugzilla.redhat.com/show_bug.cgi?id=540736",[98,92],[119],{"url":133,"sources":134,"tags":135},"http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch",[98,92],[119,136],"Patch",{"url":138,"sources":139,"tags":140},"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html",[98,92],[141,142],"Vendor Advisory","X Refsource SUSE",{"url":144,"sources":145,"tags":146},"http://www.novell.com/linux/security/advisories/2010_23_kernel.html",[98,92],[141,142],{"url":148,"sources":149,"tags":150},"https://rhn.redhat.com/errata/RHSA-2010-0095.html",[98,92],[141,151],"X Refsource REDHAT",{"url":153,"sources":154,"tags":155},"http://secunia.com/advisories/39742",[98,92],[106,107],{"url":157,"sources":158,"tags":159},"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html",[98,92],[141,142],{"url":161,"sources":162,"tags":163},"https://rhn.redhat.com/errata/RHSA-2010-0046.html",[98,92],[141,151],{"url":165,"sources":166,"tags":167},"http://www.debian.org/security/2010/dsa-2005",[98,92],[141,168],"X Refsource DEBIAN",[],{"date":171,"score":88,"percentile":172},"2026-06-04",0.88317,[174,177,180,183,186,189,192,195,198,200,203,206,208,211,214,217,220,223,226,229,231,233,236,238,240,243,246,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,313,316,318,321,324,327,330,333,336,339,342,345,348,351,353,355,358,360,362,365,367,369,371,373,376,379,382,384,387,389,392,395,398,400,403,406,408,411,414,417,419],{"date":175,"score":88,"percentile":176},"2025-11-04",0.87618,{"date":178,"score":88,"percentile":179},"2025-11-05",0.87619,{"date":181,"score":88,"percentile":182},"2025-11-06",0.87607,{"date":184,"score":88,"percentile":185},"2025-11-07",0.87612,{"date":187,"score":88,"percentile":188},"2025-11-08",0.87615,{"date":190,"score":88,"percentile":191},"2025-11-09",0.8761,{"date":193,"score":88,"percentile":194},"2025-11-10",0.87608,{"date":196,"score":88,"percentile":197},"2025-11-11",0.87614,{"date":199,"score":88,"percentile":179},"2025-11-12",{"date":201,"score":88,"percentile":202},"2025-11-13",0.87623,{"date":204,"score":88,"percentile":205},"2025-11-14",0.87627,{"date":207,"score":88,"percentile":202},"2025-11-15",{"date":209,"score":88,"percentile":210},"2025-11-16",0.87629,{"date":212,"score":88,"percentile":213},"2025-11-17",0.87624,{"date":215,"score":88,"percentile":216},"2025-11-18",0.86978,{"date":218,"score":88,"percentile":219},"2025-11-19",0.8698,{"date":221,"score":88,"percentile":222},"2025-11-20",0.86983,{"date":224,"score":88,"percentile":225},"2025-11-21",0.87637,{"date":227,"score":88,"percentile":228},"2025-11-22",0.87633,{"date":230,"score":88,"percentile":210},"2025-11-23",{"date":232,"score":88,"percentile":210},"2025-11-24",{"date":234,"score":88,"percentile":235},"2025-11-25",0.8763,{"date":237,"score":88,"percentile":210},"2025-11-26",{"date":239,"score":88,"percentile":235},"2025-11-27",{"date":241,"score":88,"percentile":242},"2025-11-28",0.87616,{"date":244,"score":88,"percentile":245},"2025-11-29",0.8769,{"date":247,"score":88,"percentile":245},"2025-11-30",{"date":249,"score":88,"percentile":250},"2025-12-01",0.87752,{"date":252,"score":88,"percentile":253},"2025-12-02",0.87754,{"date":255,"score":88,"percentile":256},"2025-12-03",0.87753,{"date":258,"score":88,"percentile":259},"2025-12-04",0.87688,{"date":261,"score":88,"percentile":262},"2025-12-05",0.87692,{"date":264,"score":88,"percentile":265},"2025-12-06",0.87689,{"date":267,"score":88,"percentile":268},"2025-12-07",0.87686,{"date":270,"score":88,"percentile":271},"2025-12-08",0.87687,{"date":273,"score":88,"percentile":274},"2025-12-09",0.877,{"date":276,"score":88,"percentile":277},"2025-12-10",0.87715,{"date":279,"score":88,"percentile":280},"2025-12-11",0.8772,{"date":282,"score":88,"percentile":283},"2025-12-12",0.87725,{"date":285,"score":88,"percentile":286},"2025-12-13",0.87726,{"date":288,"score":88,"percentile":289},"2025-12-14",0.87721,{"date":291,"score":88,"percentile":292},"2025-12-15",0.87719,{"date":294,"score":88,"percentile":295},"2025-12-16",0.87724,{"date":297,"score":88,"percentile":298},"2025-12-17",0.87727,{"date":300,"score":88,"percentile":301},"2025-12-18",0.87735,{"date":303,"score":88,"percentile":304},"2025-12-19",0.87738,{"date":306,"score":88,"percentile":307},"2025-12-20",0.87736,{"date":309,"score":88,"percentile":310},"2025-12-21",0.87742,{"date":312,"score":88,"percentile":310},"2025-12-22",{"date":314,"score":88,"percentile":315},"2025-12-23",0.87747,{"date":317,"score":88,"percentile":250},"2025-12-24",{"date":319,"score":88,"percentile":320},"2025-12-25",0.87764,{"date":322,"score":88,"percentile":323},"2025-12-26",0.87763,{"date":325,"score":88,"percentile":326},"2025-12-27",0.87799,{"date":328,"score":88,"percentile":329},"2025-12-28",0.87751,{"date":331,"score":88,"percentile":332},"2025-12-29",0.87745,{"date":334,"score":88,"percentile":335},"2025-12-30",0.87755,{"date":337,"score":88,"percentile":338},"2025-12-31",0.87767,{"date":340,"score":88,"percentile":341},"2026-01-01",0.87824,{"date":343,"score":88,"percentile":344},"2026-01-02",0.8782,{"date":346,"score":88,"percentile":347},"2026-01-03",0.87819,{"date":349,"score":88,"percentile":350},"2026-01-04",0.87757,{"date":352,"score":88,"percentile":256},"2026-01-05",{"date":354,"score":88,"percentile":350},"2026-01-06",{"date":356,"score":88,"percentile":357},"2026-01-07",0.87759,{"date":359,"score":88,"percentile":320},"2026-01-08",{"date":361,"score":88,"percentile":320},"2026-01-09",{"date":363,"score":88,"percentile":364},"2026-01-10",0.87765,{"date":366,"score":88,"percentile":350},"2026-01-11",{"date":368,"score":88,"percentile":335},"2026-01-12",{"date":370,"score":88,"percentile":253},"2026-01-13",{"date":372,"score":88,"percentile":338},"2026-01-14",{"date":374,"score":88,"percentile":375},"2026-01-15",0.87769,{"date":377,"score":88,"percentile":378},"2026-01-16",0.87773,{"date":380,"score":88,"percentile":381},"2026-01-17",0.87775,{"date":383,"score":88,"percentile":381},"2026-01-18",{"date":385,"score":88,"percentile":386},"2026-01-19",0.87772,{"date":388,"score":88,"percentile":386},"2026-01-20",{"date":390,"score":88,"percentile":391},"2026-01-21",0.87776,{"date":393,"score":88,"percentile":394},"2026-01-22",0.87781,{"date":396,"score":88,"percentile":397},"2026-01-23",0.87792,{"date":399,"score":88,"percentile":326},"2026-01-24",{"date":401,"score":88,"percentile":402},"2026-01-25",0.87795,{"date":404,"score":88,"percentile":405},"2026-01-26",0.87794,{"date":407,"score":88,"percentile":402},"2026-01-27",{"date":409,"score":88,"percentile":410},"2026-01-28",0.87798,{"date":412,"score":88,"percentile":413},"2026-01-29",0.87803,{"date":415,"score":88,"percentile":416},"2026-01-30",0.87804,{"date":418,"score":88,"percentile":326},"2026-01-31",{"date":420,"score":88,"percentile":421},"2026-02-01",0.87868,[423],{"source":92,"cvss_v2_0":424,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":90,"baseSeverity":9,"vectorString":93,"impactScore":425,"exploitabilityScore":426},6.9,10,[428],{"ecosystem":9,"name":429,"vendor":430,"product":431,"cpe_part":432,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":433},"linux kernel","linux","linux_kernel","o",[434],{"version":435,"is_range":86,"range_type":436,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.6.32","cpe"]