{
  "threat_severity" : "Moderate",
  "public_date" : "2016-04-28T00:00:00Z",
  "bugzilla" : {
    "description" : "glibc: getaddrinfo should reject IP addresses with trailing characters",
    "id" : "1347549",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347549"
  },
  "cvss" : {
    "cvss_base_score" : "4.6",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings." ],
  "statement" : "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7",
    "release_date" : "2020-02-18T00:00:00Z",
    "advisory" : "RHBA-2020:0547",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7",
    "package" : "ansible-tower-34/ansible-tower-memcached:1.4.15-28"
  }, {
    "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7",
    "release_date" : "2020-02-18T00:00:00Z",
    "advisory" : "RHBA-2020:0547",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7",
    "package" : "ansible-tower-35/ansible-tower-memcached:1.4.15-28"
  }, {
    "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7",
    "release_date" : "2020-02-18T00:00:00Z",
    "advisory" : "RHBA-2020:0547",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7",
    "package" : "ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-06T00:00:00Z",
    "advisory" : "RHSA-2019:2118",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "glibc-0:2.17-292.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-05T00:00:00Z",
    "advisory" : "RHSA-2019:3513",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "glibc-0:2.28-72.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-05T00:00:00Z",
    "advisory" : "RHSA-2019:3513",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "glibc-0:2.28-72.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-10739\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10739" ],
  "name" : "CVE-2016-10739",
  "csaw" : false
}