[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-3638":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":30,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":51,"related":52,"reserved_at":9,"published_at":58,"modified_at":59,"state":60,"summary":61,"references_raw":69,"kevs":100,"epss":101,"epss_history":104,"metrics":371,"affected":382},"CVE-2021-3638","An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base","High",[],[21],{"_key":22,"name":23,"source":24,"url":25,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":29,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_EA2FDF64CC61571E","Exploit Reference (lists.nongnu.org)","reference","https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html","unknown",0.2,false,[],[],[],[33,35,37,39,41,43,45,47,49],{"_key":34},"SUSE-SU-2023:3444-1",{"_key":36},"SUSE-SU-2024:0589-1",{"_key":38},"UBUNTU-CVE-2021-3638",{"_key":40},"SUSE-SU-2023:3721-1",{"_key":42},"SUSE-SU-2023:4056-1",{"_key":44},"SUSE-SU-2023:4662-1",{"_key":46},"DSA-4980-1",{"_key":48},"USN-6567-1",{"_key":50},"DEBIAN-CVE-2021-3638",[],[53,54,55,56,57],{"_key":34},{"_key":36},{"_key":40},{"_key":42},{"_key":44},"2022-03-03T00:00:00.000Z","2024-08-03T17:01:07.554Z","Modified",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":62,"epss_score":63,"severity":64,"severity_score":65,"severity_version":66,"severity_source":67,"severity_vector":68,"severity_status":60},"low",0.0002,"medium",6.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",[70,77,81,87,91,96],{"url":71,"sources":72,"tags":74},"https://bugzilla.redhat.com/show_bug.cgi?id=1979858",[73,67],"cve.org",[75,76],"Issue Tracking","Third Party Advisory",{"url":78,"sources":79,"tags":80},"https://ubuntu.com/security/CVE-2021-3638",[73,67],[76],{"url":25,"sources":82,"tags":83},[73,67],[84,85,86,76],"Exploit","Mailing List","Patch",{"url":88,"sources":89,"tags":90},"https://security.netapp.com/advisory/ntap-20220407-0003/",[73,67],[76],{"url":92,"sources":93,"tags":94},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/",[73,67],[95,85,76],"Vendor Advisory",{"url":97,"sources":98,"tags":99},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/",[73,67],[95,85,76],[],{"date":102,"score":63,"percentile":103},"2026-06-04",0.05591,[105,109,112,115,118,121,124,127,130,133,136,139,142,145,148,152,155,158,161,164,167,170,173,175,178,181,184,187,190,193,196,199,202,205,208,211,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,259,262,265,268,271,274,277,279,282,285,288,291,294,297,300,303,306,309,312,314,317,320,323,326,329,332,334,337,340,343,346,349,352,355,358,361,363,365,368],{"date":106,"score":107,"percentile":108},"2025-11-04",0.00019,0.03618,{"date":110,"score":107,"percentile":111},"2025-11-05",0.03623,{"date":113,"score":107,"percentile":114},"2025-11-06",0.03657,{"date":116,"score":107,"percentile":117},"2025-11-07",0.03662,{"date":119,"score":107,"percentile":120},"2025-11-08",0.03671,{"date":122,"score":107,"percentile":123},"2025-11-09",0.03675,{"date":125,"score":107,"percentile":126},"2025-11-10",0.03655,{"date":128,"score":107,"percentile":129},"2025-11-11",0.03689,{"date":131,"score":107,"percentile":132},"2025-11-12",0.03709,{"date":134,"score":107,"percentile":135},"2025-11-13",0.03742,{"date":137,"score":107,"percentile":138},"2025-11-14",0.03749,{"date":140,"score":107,"percentile":141},"2025-11-15",0.03784,{"date":143,"score":107,"percentile":144},"2025-11-16",0.03782,{"date":146,"score":107,"percentile":147},"2025-11-17",0.03768,{"date":149,"score":150,"percentile":151},"2025-11-18",0.00078,0.1933,{"date":153,"score":150,"percentile":154},"2025-11-19",0.19352,{"date":156,"score":150,"percentile":157},"2025-11-20",0.19339,{"date":159,"score":107,"percentile":160},"2025-11-21",0.03859,{"date":162,"score":107,"percentile":163},"2025-11-22",0.03863,{"date":165,"score":107,"percentile":166},"2025-11-23",0.03855,{"date":168,"score":107,"percentile":169},"2025-11-24",0.03833,{"date":171,"score":107,"percentile":172},"2025-11-25",0.03828,{"date":174,"score":107,"percentile":160},"2025-11-26",{"date":176,"score":107,"percentile":177},"2025-11-27",0.03871,{"date":179,"score":107,"percentile":180},"2025-11-28",0.0387,{"date":182,"score":107,"percentile":183},"2025-11-29",0.03914,{"date":185,"score":107,"percentile":186},"2025-11-30",0.03925,{"date":188,"score":107,"percentile":189},"2025-12-01",0.04029,{"date":191,"score":63,"percentile":192},"2025-12-02",0.04304,{"date":194,"score":63,"percentile":195},"2025-12-03",0.04323,{"date":197,"score":63,"percentile":198},"2025-12-04",0.04268,{"date":200,"score":63,"percentile":201},"2025-12-05",0.04336,{"date":203,"score":63,"percentile":204},"2025-12-06",0.04351,{"date":206,"score":63,"percentile":207},"2025-12-07",0.04353,{"date":209,"score":63,"percentile":210},"2025-12-08",0.04358,{"date":212,"score":63,"percentile":213},"2025-12-09",0.04408,{"date":215,"score":63,"percentile":216},"2025-12-10",0.04449,{"date":218,"score":63,"percentile":219},"2025-12-11",0.0445,{"date":221,"score":63,"percentile":222},"2025-12-12",0.04466,{"date":224,"score":63,"percentile":225},"2025-12-13",0.04503,{"date":227,"score":63,"percentile":228},"2025-12-14",0.04485,{"date":230,"score":63,"percentile":231},"2025-12-15",0.04445,{"date":233,"score":63,"percentile":234},"2025-12-16",0.04455,{"date":236,"score":63,"percentile":237},"2025-12-17",0.04507,{"date":239,"score":63,"percentile":240},"2025-12-18",0.04542,{"date":242,"score":63,"percentile":243},"2025-12-19",0.04527,{"date":245,"score":63,"percentile":246},"2025-12-20",0.04525,{"date":248,"score":63,"percentile":249},"2025-12-21",0.04554,{"date":251,"score":63,"percentile":252},"2025-12-22",0.04496,{"date":254,"score":63,"percentile":255},"2025-12-23",0.04505,{"date":257,"score":63,"percentile":258},"2025-12-24",0.04523,{"date":260,"score":63,"percentile":261},"2025-12-25",0.04564,{"date":263,"score":63,"percentile":264},"2025-12-26",0.04566,{"date":266,"score":63,"percentile":267},"2025-12-27",0.0457,{"date":269,"score":63,"percentile":270},"2025-12-28",0.04557,{"date":272,"score":63,"percentile":273},"2025-12-29",0.04551,{"date":275,"score":63,"percentile":276},"2025-12-30",0.04488,{"date":278,"score":63,"percentile":237},"2025-12-31",{"date":280,"score":63,"percentile":281},"2026-01-01",0.04586,{"date":283,"score":63,"percentile":284},"2026-01-02",0.0459,{"date":286,"score":63,"percentile":287},"2026-01-03",0.04576,{"date":289,"score":63,"percentile":290},"2026-01-04",0.04473,{"date":292,"score":63,"percentile":293},"2026-01-05",0.04415,{"date":295,"score":63,"percentile":296},"2026-01-06",0.04414,{"date":298,"score":63,"percentile":299},"2026-01-07",0.04436,{"date":301,"score":63,"percentile":302},"2026-01-08",0.0447,{"date":304,"score":63,"percentile":305},"2026-01-09",0.04472,{"date":307,"score":63,"percentile":308},"2026-01-10",0.0448,{"date":310,"score":63,"percentile":311},"2026-01-11",0.04458,{"date":313,"score":63,"percentile":234},"2026-01-12",{"date":315,"score":63,"percentile":316},"2026-01-13",0.04446,{"date":318,"score":63,"percentile":319},"2026-01-14",0.0449,{"date":321,"score":63,"percentile":322},"2026-01-15",0.04407,{"date":324,"score":63,"percentile":325},"2026-01-16",0.04376,{"date":327,"score":63,"percentile":328},"2026-01-17",0.04375,{"date":330,"score":63,"percentile":331},"2026-01-18",0.04354,{"date":333,"score":63,"percentile":192},"2026-01-19",{"date":335,"score":63,"percentile":336},"2026-01-20",0.04264,{"date":338,"score":63,"percentile":339},"2026-01-21",0.04254,{"date":341,"score":63,"percentile":342},"2026-01-22",0.04244,{"date":344,"score":63,"percentile":345},"2026-01-23",0.04296,{"date":347,"score":63,"percentile":348},"2026-01-24",0.04341,{"date":350,"score":63,"percentile":351},"2026-01-25",0.04335,{"date":353,"score":63,"percentile":354},"2026-01-26",0.04322,{"date":356,"score":63,"percentile":357},"2026-01-27",0.04307,{"date":359,"score":63,"percentile":360},"2026-01-28",0.04289,{"date":362,"score":63,"percentile":192},"2026-01-29",{"date":364,"score":63,"percentile":357},"2026-01-30",{"date":366,"score":63,"percentile":367},"2026-01-31",0.04284,{"date":369,"score":63,"percentile":370},"2026-02-01",0.04385,[372],{"source":67,"cvss_v2_0":373,"cvss_v3_0":9,"cvss_v3_1":378,"cvss_v4_0":9},{"baseScore":374,"baseSeverity":9,"vectorString":375,"impactScore":376,"exploitabilityScore":377},2.1,"AV:L/AC:L/Au:N/C:N/I:N/A:P",2.9,3.9,{"baseScore":65,"baseSeverity":379,"vectorString":68,"impactScore":380,"exploitabilityScore":381},"MEDIUM",6.7,5.1,[383,393],{"ecosystem":9,"name":384,"vendor":385,"product":384,"cpe_part":386,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":387},"fedora","fedoraproject","o",[388,391],{"version":389,"is_range":28,"range_type":390,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"36","cpe",{"version":392,"is_range":28,"range_type":390,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"37",{"ecosystem":9,"name":394,"vendor":394,"product":394,"cpe_part":395,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":396},"qemu","a",[397],{"version":398,"is_range":399,"range_type":390,"version_start":400,"version_start_type":401,"version_end":402,"version_end_type":401,"fixed_in":9},"gte4.0.0_lte6.1.0",true,"4.0.0","including","6.1.0"]