CVE-2019-3460

Exploit

EPSS 0.47%
Veröffentlicht 11.04.2019 16:29:02
Zuletzt bearbeitet 21.11.2024 04:42:05
Quelle security@debian.org
CVE-Watchlists
Login
Unerledigt
Login

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 21

NVD 27 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 5.1

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Debian ≫ Debian Linux Version8.0

Redhat ≫ Codeready Linux Builder Version8.0

Redhat ≫ Virtualization Host Version4.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version8.1

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux For Real Time Version7

Redhat ≫ Enterprise Linux For Real Time Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Version7

Redhat ≫ Enterprise Linux For Real Time For Nfv Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.4

Redhat ≫ Enterprise Linux For Real Time Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time Tus Version8.4

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Workstation Version7.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.64

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2019:3517

Third Party Advisory

http://www.openwall.com/lists/oss-security/2019/06/27/7

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2019/06/28/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2019/06/28/2

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2019:2029

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2043

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2019:3309

Third Party Advisory

http://www.openwall.com/lists/oss-security/2019/06/27/2

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2019/08/12/1

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2020:0740

Third Party Advisory

https://marc.info/?l=oss-security&m=154721580222522&w=2

Patch

Third Party Advisory

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=1663179

Third Party Advisory

Issue Tracking

Mitigation

https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0

Patch

Vendor Advisory

https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047%40kroah.com/

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-3460

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3460

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3460

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-3460