{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3564", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2024-08-03T01:14:01.563Z", "dateReserved": "2022-10-17T00:00:00", "datePublished": "2022-10-17T00:00:00"}, "containers": {"cna": {"title": "Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-24T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087."}], "affected": [{"vendor": "Linux", "product": "Kernel", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1"}, {"url": "https://vuldb.com/?id.211087"}, {"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"}, {"url": "https://security.netapp.com/advisory/ntap-20221223-0001/"}, {"name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-119 Memory Corruption -> CWE-416 Use After Free", "cweId": "CWE-119"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:01.563Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.211087", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"}, {"url": "https://security.netapp.com/advisory/ntap-20221223-0001/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB09C3FF-8088-42BF-A847-8DF13DFB42C0", "versionEndExcluding": "4.9.333", "versionStartIncluding": "3.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FE9A829-20E8-4929-AE9B-02761322A926", "versionEndExcluding": "4.14.299", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABED5D97-9B16-4CF6-86E3-D5F5C4358E35", "versionEndExcluding": "4.19.265", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D67A077-EB45-4ADE-94CD-F9A76F6C319C", "versionEndExcluding": "5.4.224", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F3AD8A5-165D-4137-8B80-A166430D794C", "versionEndExcluding": "5.10.154", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB8B27B9-B41B-42D5-AE67-0A89A8A8EEB1", "versionEndExcluding": "5.15.78", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC9A754E-625D-42F3-87A7-960D643E2867", "versionEndExcluding": "6.0.8", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en el Kernel de Linux. Esta vulnerabilidad afecta a la funci\u00f3n l2cap_reassemble_sdu del archivo net/bluetooth/l2cap_core.c del componente Bluetooth. La manipulaci\u00f3n conlleva a un uso de memoria previamente liberada. Es recomendado aplicar un parche para corregir este problema. El identificador asociado a esta vulnerabilidad es VDB-211087"}], "id": "CVE-2022-3564", "lastModified": "2023-11-07T03:51:26.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-10-17T19:15:10.187", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1"}, {"source": "cna@vuldb.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"}, {"source": "cna@vuldb.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221223-0001/"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.211087"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:4150", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.95.1.rt56.1241.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-07-18T00:00:00Z"}, {"advisory": "RHSA-2023:4151", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.95.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-07-18T00:00:00Z"}, {"advisory": "RHSA-2023:4215", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-07-19T00:00:00Z"}, {"advisory": "RHSA-2023:4020", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.111.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2023-07-11T00:00:00Z"}, {"advisory": "RHSA-2023:4021", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "kernel-0:3.10.0-957.104.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support", "release_date": "2023-07-11T00:00:00Z"}, {"advisory": "RHSA-2023:3277", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "kernel-0:3.10.0-1062.72.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2023-05-23T00:00:00Z"}, {"advisory": "RHSA-2023:3277", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "kernel-0:3.10.0-1062.72.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2023-05-23T00:00:00Z"}, {"advisory": "RHSA-2023:3277", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kernel-0:3.10.0-1062.72.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2023-05-23T00:00:00Z"}, {"advisory": "RHSA-2023:3278", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2023-05-23T00:00:00Z"}, {"advisory": "RHSA-2023:2736", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-477.10.1.rt7.274.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2951", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-477.10.1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:0856", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kernel-0:4.18.0-147.80.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:0858", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:1559", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "kernel-0:4.18.0-193.105.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-04-04T00:00:00Z"}, {"advisory": "RHSA-2023:1560", "cpe": "cpe:/a:redhat:rhel_tus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.105.1.rt13.156.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-04-04T00:00:00Z"}, {"advisory": "RHSA-2023:1559", "cpe": "cpe:/o:redhat:rhel_tus:8.2", "package": "kernel-0:4.18.0-193.105.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-04-04T00:00:00Z"}, {"advisory": "RHSA-2023:1559", "cpe": "cpe:/o:redhat:rhel_e4s:8.2", "package": "kernel-0:4.18.0-193.105.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-04-04T00:00:00Z"}, {"advisory": "RHSA-2023:1666", "cpe": "cpe:/o:redhat:rhel_e4s:8.2", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-04-05T00:00:00Z"}, {"advisory": "RHSA-2023:1220", "cpe": "cpe:/a:redhat:rhel_eus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.82.1.rt7.154.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-03-14T00:00:00Z"}, {"advisory": "RHSA-2023:1221", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kernel-0:4.18.0-305.82.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-03-14T00:00:00Z"}, {"advisory": "RHSA-2023:1251", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-03-15T00:00:00Z"}, {"advisory": "RHSA-2023:3388", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.57.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-05-31T00:00:00Z"}, {"advisory": "RHSA-2023:3431", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-06-05T00:00:00Z"}, {"advisory": "RHSA-2023:0951", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.18.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:0979", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-162.18.1.rt21.181.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:0951", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.18.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:1008", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:1202", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "kernel-0:5.14.0-70.49.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-03-14T00:00:00Z"}, {"advisory": "RHSA-2023:1203", "cpe": "cpe:/a:redhat:rhel_eus:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.49.1.rt21.120.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-03-14T00:00:00Z"}, {"advisory": "RHSA-2023:1435", "cpe": "cpe:/o:redhat:rhel_eus:9.0", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:3388", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.57.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2023-05-31T00:00:00Z"}, {"advisory": "RHSA-2023:3491", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.3-202306050942_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2023-06-06T00:00:00Z"}], "bugzilla": {"description": "kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c", "id": "2150999", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150999"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.", "A use-after-free flaw was found in the Linux kernel\u2019s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges."], "mitigation": {"lang": "en:us", "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system."}, "name": "CVE-2022-3564", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3564\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3564\nhttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1"], "statement": "This issue is rated between Moderate and Important (similar to the CVE-2022-45934) because of no known attack, and the attack would be complex. Anyway, consider this CVE-2022-3564 as Important because the use-after-free can potentially lead to privilege escalation or a potential remote system crash (and currently, a read after-free that in most cases would not lead to a remote system crash).", "threat_severity": "Important"}