{
  "threat_severity" : "Low",
  "public_date" : "2013-12-31T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper",
    "id" : "1058748",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1058748"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature." ],
  "statement" : "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.",
  "acknowledgement" : "This issue was discovered by Daniel Borkmann (Red Hat Inc).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2014-04-28T00:00:00Z",
    "advisory" : "RHSA-2014:0439",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.10.33-rt32.33.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-1690\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1690" ],
  "name" : "CVE-2014-1690",
  "csaw" : false
}