{
  "threat_severity" : "Moderate",
  "public_date" : "2013-02-19T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference",
    "id" : "912900",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=912900"
  },
  "cvss" : {
    "cvss_base_score" : "4.4",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:S/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call." ],
  "statement" : "This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.\nThis issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-02-20T00:00:00Z",
    "advisory" : "RHSA-2013:0496",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-358.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-0310\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0310" ],
  "name" : "CVE-2013-0310",
  "csaw" : false
}