{ "threat_severity" : "Low", "public_date" : "2019-03-01T00:00:00Z", "bugzilla" : { "description" : "QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables", "id" : "1678515", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1678515" }, "cvss3" : { "cvss3_base_score" : "2.8", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-200", "details" : [ "tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure." ], "acknowledgement" : "Red Hat would like to thank William Bowling for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2019-07-02T00:00:00Z", "advisory" : "RHSA-2019:1650", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "qemu-kvm-2:0.12.1.2-2.506.el6_10.4" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-08-06T00:00:00Z", "advisory" : "RHSA-2019:2078", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "qemu-kvm-10:1.5.3-167.el7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3345", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "virt-devel:rhel-8010020190916153839.cdc1202b" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3345", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "virt:rhel-8010020190916153839.cdc1202b" }, { "product_name" : "Red Hat OpenStack Platform 10.0 (Newton)", "release_date" : "2019-08-09T00:00:00Z", "advisory" : "RHSA-2019:2425", "cpe" : "cpe:/a:redhat:openstack:10::el7", "package" : "qemu-kvm-rhev-10:2.12.0-33.el7", "impact" : "low" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-08-09T00:00:00Z", "advisory" : "RHSA-2019:2425", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "qemu-kvm-rhev-10:2.12.0-33.el7", "impact" : "low" }, { "product_name" : "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date" : "2019-08-09T00:00:00Z", "advisory" : "RHSA-2019:2425", "cpe" : "cpe:/a:redhat:openstack:14::el7", "package" : "qemu-kvm-rhev-10:2.12.0-33.el7", "impact" : "low" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date" : "2019-08-22T00:00:00Z", "advisory" : "RHSA-2019:2553", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "qemu-kvm-rhev-10:2.12.0-33.el7" }, { "product_name" : "Red Hat Virtualization Engine 4.3", "release_date" : "2019-08-22T00:00:00Z", "advisory" : "RHSA-2019:2553", "cpe" : "cpe:/a:redhat:rhev_manager:4.3", "package" : "qemu-kvm-rhev-10:2.12.0-33.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "xen", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat OpenStack Platform 8 (Liberty)", "fix_state" : "Fix deferred", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/a:redhat:openstack:8" }, { "product_name" : "Red Hat OpenStack Platform 9 (Mitaka)", "fix_state" : "Fix deferred", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/a:redhat:openstack:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-9824\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9824" ], "name" : "CVE-2019-9824", "csaw" : false }