{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-28T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=60085c3d009b0df252547adb336d1ccca5ce52ec"}, {"name": "openSUSE-SU-2013:1187", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/60085c3d009b0df252547adb336d1ccca5ce52ec"}, {"name": "USN-1837-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1837-1"}, {"name": "[linux-kernel] 20130414 Linux 3.9-rc7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lkml.org/lkml/2013/4/14/107"}, {"name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"}, {"name": "openSUSE-SU-2013:1971", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"name": "SUSE-SU-2013:1182", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3235", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=60085c3d009b0df252547adb336d1ccca5ce52ec", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=60085c3d009b0df252547adb336d1ccca5ce52ec"}, {"name": "openSUSE-SU-2013:1187", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"name": "MDVSA-2013:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "https://github.com/torvalds/linux/commit/60085c3d009b0df252547adb336d1ccca5ce52ec", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/60085c3d009b0df252547adb336d1ccca5ce52ec"}, {"name": "USN-1837-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1837-1"}, {"name": "[linux-kernel] 20130414 Linux 3.9-rc7", "refsource": "MLIST", "url": "https://lkml.org/lkml/2013/4/14/107"}, {"name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"}, {"name": "openSUSE-SU-2013:1971", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"name": "SUSE-SU-2013:1182", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:00:10.120Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=60085c3d009b0df252547adb336d1ccca5ce52ec"}, {"name": "openSUSE-SU-2013:1187", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/60085c3d009b0df252547adb336d1ccca5ce52ec"}, {"name": "USN-1837-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1837-1"}, {"name": "[linux-kernel] 20130414 Linux 3.9-rc7", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lkml.org/lkml/2013/4/14/107"}, {"name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"}, {"name": "openSUSE-SU-2013:1971", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"name": "SUSE-SU-2013:1182", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3235", "datePublished": "2013-04-22T10:00:00", "dateReserved": "2013-04-21T00:00:00", "dateUpdated": "2024-08-06T16:00:10.120Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:rc6:*:*:*:*:*:*", "matchCriteriaId": "1392DF39-079B-48C9-83FB-F9118D7A9B8E", "versionEndIncluding": "3.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "42633FF9-FB0C-4095-B4A1-8D623A98683B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "08C04619-89A2-4B15-82A2-48BCC662C1F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "5B039196-7159-476C-876A-C61242CC41DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*", "matchCriteriaId": "3A9E0457-53C9-44DD-ACFB-31EE1D1E060E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*", "matchCriteriaId": "BEE406E7-87BA-44BA-BF61-673E6CC44A2F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call."}, {"lang": "es", "value": "net/tipc/socket.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener informaci\u00f3n sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom."}], "id": "CVE-2013-3235", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-22T11:41:01.547", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=60085c3d009b0df252547adb336d1ccca5ce52ec"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1837-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/60085c3d009b0df252547adb336d1ccca5ce52ec"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://lkml.org/lkml/2013/4/14/107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=60085c3d009b0df252547adb336d1ccca5ce52ec"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1837-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/60085c3d009b0df252547adb336d1ccca5ce52ec"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://lkml.org/lkml/2013/4/14/107"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1034", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-348.12.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-07-10T00:00:00Z"}], "bugzilla": {"description": "Kernel: tipc: info leaks via msg_name in recv_msg/recv_stream", "id": "956145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956145"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call."], "name": "CVE-2013-3235", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2013-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-3235\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-3235"], "statement": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5. Future kernel updates for Red Hat Enterprise Linux 5\nmay address this issue.", "threat_severity": "Low"}

{}