{
  "threat_severity" : "Low",
  "public_date" : "2013-04-07T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: tipc: info leaks via msg_name in recv_msg/recv_stream",
    "id" : "956145",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=956145"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call." ],
  "statement" : "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5. Future kernel updates for Red Hat Enterprise Linux 5\nmay address this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2013-07-10T00:00:00Z",
    "advisory" : "RHSA-2013:1034",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-348.12.1.el5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-3235\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-3235" ],
  "name" : "CVE-2013-3235",
  "csaw" : false
}