{
  "GSD": {
    "alias": "CVE-2023-39197",
    "id": "GSD-2023-39197"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-39197"
      ],
      "details": "An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.",
      "id": "GSD-2023-39197",
      "modified": "2023-12-13T01:20:33.470113Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2023-39197",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Enterprise Linux 6",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unknown"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 7",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unknown"
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unknown"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-125",
                "lang": "eng",
                "value": "Out-of-bounds Read"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/security/cve/CVE-2023-39197",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2023-39197"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2218342",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218342"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol."
          },
          {
            "lang": "es",
            "value": "Se encontr\u00f3 una vulnerabilidad de lectura fuera de los l\u00edmites en Netfilter Connection Tracking (conntrack) en el kernel de Linux. Esta falla permite que un usuario remoto revele informaci\u00f3n confidencial a trav\u00e9s del protocolo DCCP."
          }
        ],
        "id": "CVE-2023-39197",
        "lastModified": "2024-01-30T02:04:00.813",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 1.4,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-23T03:15:11.683",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-39197"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218342"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-125"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-125"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um Informationen offenzulegen, seine Privilegien zu erweitern oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2864 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2864.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2864 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2864"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6549-4 vom 2024-01-05",
        "url": "https://ubuntu.com/security/notices/USN-6549-4"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6549-1 vom 2023-12-12",
        "url": "https://ubuntu.com/security/notices/USN-6549-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0622-1 vom 2024-02-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018010.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6534-2 vom 2023-12-12",
        "url": "https://ubuntu.com/security/notices/USN-6534-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6549-2 vom 2023-12-12",
        "url": "https://ubuntu.com/security/notices/USN-6549-2"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-045 vom 2024-01-09",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-045.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2391 vom 2024-01-10",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2391.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6549-5 vom 2024-01-10",
        "url": "https://ubuntu.com/security/notices/USN-6549-5"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4782-1 vom 2023-12-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017333.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4784-1 vom 2023-12-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017319.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6534-3 vom 2023-12-13",
        "url": "https://ubuntu.com/security/notices/USN-6534-3"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4811-1 vom 2023-12-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017340.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4783-1 vom 2023-12-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017320.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4810-1 vom 2023-12-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017341.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6549-3 vom 2023-12-13",
        "url": "https://ubuntu.com/security/notices/USN-6549-3"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4730-1 vom 2023-12-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017384.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4732-1 vom 2023-12-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017376.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4735-1 vom 2023-12-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017380.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4731-1 vom 2023-12-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017378.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4733-1 vom 2023-12-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017383.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4734-1 vom 2023-12-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017379.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4882-1 vom 2023-12-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017434.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4883-1 vom 2023-12-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017435.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0666-1 vom 2024-02-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018066.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0662-1 vom 2024-02-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018065.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0655-1 vom 2024-02-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018060.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0705-1 vom 2024-02-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018067.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0698-1 vom 2024-02-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018070.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0112-1 vom 2024-01-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017672.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0727-1 vom 2024-02-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018072.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-047 vom 2024-01-23",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-047.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugzilla \u2013 Bug 2218342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-39197"
      },
      {
        "category": "external",
        "summary": "RedHat Customer Portal f\u00fcr CVE-2023-39197 vom 2023-11-08",
        "url": "https://access.redhat.com/security/cve/CVE-2023-39197"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugzilla \u2013 Bug 2218332",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-39198"
      },
      {
        "category": "external",
        "summary": "RedHat Customer Portal f\u00fcr CVE-2023-39198 vom 2023-11-08",
        "url": "https://access.redhat.com/security/cve/CVE-2023-39198"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6534-1 vom 2023-12-06",
        "url": "https://ubuntu.com/security/notices/USN-6534-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6700-1 vom 2024-03-19",
        "url": "https://ubuntu.com/security/notices/USN-6700-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6701-1 vom 2024-03-19",
        "url": "https://ubuntu.com/security/notices/USN-6701-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6701-2 vom 2024-03-20",
        "url": "https://ubuntu.com/security/notices/USN-6701-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6700-2 vom 2024-03-21",
        "url": "https://ubuntu.com/security/notices/USN-6700-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6701-3 vom 2024-03-26",
        "url": "https://ubuntu.com/security/notices/USN-6701-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6701-4 vom 2024-04-09",
        "url": "https://ubuntu.com/security/notices/USN-6701-4"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2394 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2394"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
        "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7152469 vom 2024-05-15",
        "url": "https://www.ibm.com/support/pages/node/7152469"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3138 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:3138"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2950 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2950"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156774 vom 2024-06-07",
        "url": "https://www.ibm.com/support/pages/node/7156774"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-06-09T22:00:00.000+00:00",
      "generator": {
        "date": "2024-06-10T08:07:54.279+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-2864",
      "initial_release_date": "2023-11-08T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-11-08T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-05T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-12-11T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-12-12T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-12-13T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2023-12-14T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-12-17T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-01-07T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-01-09T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-01-10T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-01-17T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-01-22T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-02-26T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-02-28T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-02-29T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-18T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-03-20T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-03-21T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-03-25T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-09T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-05-15T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-06-09T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "25"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "virtual",
                "product": {
                  "name": "Dell NetWorker virtual",
                  "product_id": "T034583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:virtual"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM QRadar SIEM",
            "product": {
              "name": "IBM QRadar SIEM",
              "product_id": "T021415",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:qradar_siem:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12",
                "product": {
                  "name": "IBM Security Guardium 12.0",
                  "product_id": "T031092",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:12.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Guardium"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.4.4",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.4.4",
                  "product_id": "T031013",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.4.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.5-rc7",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.5-rc7",
                  "product_id": "T031014",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.5-rc7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-39197",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im Linux-Kernel. Dieser Fehler besteht in der Komponente Netfilter Connection Tracking aufgrund eines Out-of-Bounds-Read-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T031092",
          "T034583",
          "398363"
        ]
      },
      "release_date": "2023-11-08T23:00:00Z",
      "title": "CVE-2023-39197"
    },
    {
      "cve": "CVE-2023-39198",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im Linux-Kernel. Dieser Fehler besteht im QXL-Treiber aufgrund einer Race Condition, die es erlaubt, den zur\u00fcckgegebenen qobj-Handle-Wert zu erraten und ein Use-after-free-Problem auszul\u00f6sen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T031092",
          "T034583",
          "398363"
        ]
      },
      "release_date": "2023-11-08T23:00:00Z",
      "title": "CVE-2023-39198"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2023-39197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-23T03:15:11Z",
    "severity": "MODERATE"
  },
  "details": "An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.",
  "id": "GHSA-w83m-85f8-627v",
  "modified": "2024-01-23T03:31:08Z",
  "published": "2024-01-23T03:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39197"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-39197"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218342"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}