{
  "threat_severity" : "Low",
  "public_date" : "2018-08-10T16:01:00Z",
  "bugzilla" : {
    "description" : "lldptool: improper sanitization of shell-escape codes",
    "id" : "1614896",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1614896"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-117",
  "details" : [ "lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.", "lldptool can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal." ],
  "statement" : "Red Hat Product Security has rated this issue as having a security impact of Low, and a future update may address this flaw.",
  "acknowledgement" : "This issue was discovered by Aaron Conole (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-06T00:00:00Z",
    "advisory" : "RHBA-2019:2339",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "lldpad-0:1.0.1-5.git036e314.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-05T00:00:00Z",
    "advisory" : "RHSA-2019:3673",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "lldpad-0:1.0.1-13.git036e314.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "lldpad",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-10932\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10932" ],
  "name" : "CVE-2018-10932",
  "csaw" : false
}